• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

realm - what is the meaning ?

 
Adrian Sosialuk
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everyone,

I find the term realm to be very confusing ...

1) The realm sent by a browser is a pair of user + password - right ?
2) realm also is the place where the authentication information is
stored, so the tomcat-users.xml is an example, right ?

So what is the story of <realm-name> in <login-config> element in DD ?
What is it used for ? Why do we need it ? What can we do with it ?

Cheers,

Adrian
 
Tim Holloway
Saloon Keeper
Posts: 18359
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The realm is the security context itself. In tomcat, you pick a realm type based on the authentication mechanism in use - jdbc, ldap, jaas, xml (your example), etc.
 
Adrian Sosialuk
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Tim,

Thanks for your reply.

OK - I thing I got it now. It looks like it's overloaded. Containers uses
realm with regards to policy domain (xml, LDAP, etc...) and HTTP uses it
with regards to the name of a resource in which the user is to be
authenticated - so that's that string which you set up in DD in
<realm-name> element (so it will pop up on the screen together with
other elements asking you for password). I think it works only with
BASIC authentication anyway ...

All the best.

Adrian
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic