Are you talking about
Tomcat? I'm not sure this is strictly a
JDBC question.
I usually refer to it as programatic or declarative security i.e. security declared in code (maybe even beans) or in the container declaration or configuration. JDBCRealm is one way of implementing declarative security in Tomcat.
It is intially easier to manage security by writing the code into the page, but this quickly becomes nightmarish, particularly when you have some pages that are secure and some that aren't, and some that have a kind of hybrid mixture.
Personally my choice to always use the declarative kind. You then write minor code to manage code changes based on user roles, but you do that in the programming solution anyway.
Dave