...

One example of a login domain is an LDAP directory server, which combines maintenance of identity information and other attributes (such as groups). A relational database with tables for users and groups is another.

Security Realm

A security realm configures and enforces an application-specific authentication policy and is the entry point into login domains. A security realm implements a pluggable authentication framework, allowing for a combination of authentication protocols with different properties and different trust relationships that match application requirements.

The authentication policy for a security realm is expressed as a statement over the authentication outcomes of the configured login domains.

For example, you can configure a security realm with two login domains, for example Kerberos and Active Directory, and require that both of them succeed for the authentication to succeed. Or you can configure a security realm with the LDAP directory login domain without any regard for the authentication outcome from it (maybe because you do not trust it). The point here is that you express an authentication policy and have a security realm enforce it.

Of course, the security realm authentication policy emulates JAAS login module combination semantics. In fact, the security realm implementation is wired with JAAS login modules that are configured with the familiar attributes such as control flag and options. The authentication procedure is driven by the Login Module JAAS API, and the authentication result is computed over the control flag values and authentication outcomes of the individual login modules.

Authentication and Principals

...