This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Security and the fly likes JAAS Realm Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS Realm" Watch "JAAS Realm" New topic

JAAS Realm

Nikhil Jain
Ranch Hand

Joined: May 15, 2005
Posts: 385

I came across a tomcat example of jaas. In this example the user had set the realm as "org.apache.catalina.realm.JAASRealm". But the user was using database authentication mechanism. .i.e. in teh Login() method it had the code for access the database & getting the username and password...

So what the user of using this org.apache.catalina.realm.JAASRealm. I find that there are many other realms like org.apache.catalina.realm.JDBCRealm.

how exactly should i use the realm?

SCJP 1.4, SCWCD 1.4, SCBCD 1.5
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42958
It's hard to say what exactly the code does without seeing it, but JAAS requires a LoginModule that checks the username/password against the user store - maybe that's what you were seeing?

Using JAASRealm is a bit different from the other realms, as it doesn't help so much with validating username/password (like JdbcRealm and DataSourceRealm), but rather hooks the user/role information up to the JAAS system. The benefit of using it is more about authorization than authentication.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link:
subject: JAAS Realm
It's not a secret anymore!