File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes JAAS Realm Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS Realm" Watch "JAAS Realm" New topic

JAAS Realm

Nikhil Jain
Ranch Hand

Joined: May 15, 2005
Posts: 389

I came across a tomcat example of jaas. In this example the user had set the realm as "org.apache.catalina.realm.JAASRealm". But the user was using database authentication mechanism. .i.e. in teh Login() method it had the code for access the database & getting the username and password...

So what the user of using this org.apache.catalina.realm.JAASRealm. I find that there are many other realms like org.apache.catalina.realm.JDBCRealm.

how exactly should i use the realm?

SCJP 1.4, SCWCD 1.4, SCBCD 1.5, TOGAF 9, Comptia Cloud+
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
It's hard to say what exactly the code does without seeing it, but JAAS requires a LoginModule that checks the username/password against the user store - maybe that's what you were seeing?

Using JAASRealm is a bit different from the other realms, as it doesn't help so much with validating username/password (like JdbcRealm and DataSourceRealm), but rather hooks the user/role information up to the JAAS system. The benefit of using it is more about authorization than authentication.
I agree. Here's the link:
subject: JAAS Realm
It's not a secret anymore!