
Article donated by: Simon Godik, Hernan Cunico

This article explains the basic rationale and workings of the Apache Geronimo security system. The JACC implementation will not be addressed in this article. The basic concepts on which the Geronimo security architecture is built are the Login Domain and the Security Realm. These concepts are integrated into the JAAS architecture for use by the container.

Many security terms are overloaded, and you may find many definitions of principals, roles, etc. This article tries to stay with established frameworks where possible, such as the OASIS SAML reference model.

Login Domain

According to the SAML specification a principal is a system entity whose identity can be authenticated. An Identity Provider is a service provider that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers.

...