Working with Realms, Users, Groups, and Roles
This section discusses setting up users so that they can be correctly identified and either given
access to protected resources, or denied access if they are not authorized to access those
resources. Authenticating a user and deciding what that user may do involves four parties and
these basic steps:
1. The Application Developer writes code to prompt the user for a user name and password
(for form-based authentication, the login page). The different methods of authentication
are discussed in
2. The Application Developer declares how security is to be set up for the deployed
application in a deployment descriptor: which URLs are protected, which authentication
method is used, and which security roles the application refers to. This step is discussed in
3. The Server Administrator creates the authorized users and groups in a realm on the
Application Server. This is discussed in
4. The Application Deployer maps the application's security roles to the users, groups, and
principals defined on the Application Server. This topic is discussed in
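The four steps above, collected into the one file the developer hands to the deployer, as an added example that is not from the tutorial: a web.xml for a Servlet 2.5 application (the version the Java EE 5 platform uses). The role name manager, the URL pattern /secure/*, the login page names and the realm name are assumptions chosen for the illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the tutorial. The "manager" role, the
     /secure/* path, the page names and the realm name are assumptions. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Step 2: which resources are protected and which role may reach
       them. An authenticated user who lacks the "manager" role is
       refused with 403; an unauthenticated one is sent to the login page. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <!-- Deliberately no <http-method> element: the constraint then
           covers every HTTP method. Listing only GET and POST would
           leave PUT, DELETE, HEAD and the rest unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
    <!-- Require TLS, otherwise the form-posted password crosses the
         network in clear. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Step 1: how the user is prompted. With FORM the container shows
       /login.jsp, whose form must POST the fields j_username and
       j_password to the action j_security_check; the container, not
       the application, checks them against the realm. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <!-- The server realm the users are defined in (step 3). The file
         realm is the Application Server default; the name is assumed. -->
    <realm-name>file</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- The role the application uses. It is only a name here; the
       deployer binds it to a realm group or user in step 4. -->
  <security-role>
    <role-name>manager</role-name>
  </security-role>
</web-app>
```

Two things worth checking in any descriptor of this shape: that no `<http-method>` list accidentally narrows the constraint, and that every `<role-name>` used in an `<auth-constraint>` is also declared in a `<security-role>` element, since a role the deployer never sees never gets mapped and the constraint then denies everyone.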
What Are Realms, Users, Groups, and Roles?
A realm is defined on a web or application server. It is a collection of users, who may or may
not be assigned to groups, all governed by the same authentication policy: the realm decides how
a user's credentials are verified and which groups each user belongs to.
Managing users on the Application Server is discussed in
An application will often prompt a user for a user name and password before allowing access
to a protected resource. After the user has entered them, the credentials are passed to the server,
which checks them against the realm. If they are valid, the user is authenticated; the server then
checks whether that user is authorized for the resource (by role, as described below) and either
returns it or denies access. If the credentials are not valid, the user is not authenticated and
access to the protected resource is denied. This type of user authentication is discussed in
In some applications, authorized users are assigned to roles. A role is an abstract name used
inside the application, in its deployment descriptor and in `HttpServletRequest.isUserInRole`
checks; the server knows only the users and groups in its realm. In this situation the role
assigned to the user in the application must therefore be mapped, at deployment time, to a group
(or to individual users) defined on the application server.
shows this. More information on mapping roles to users and groups can be found
in
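The role-to-group mapping on the Application Server that the tutorial targets (Sun Java System Application Server 9.1, that is GlassFish v2), as an added example rather than text from the tutorial. It serves both step 4 of the procedure above and the role paragraph here, and is the file sun-web.xml packaged next to web.xml. The roles manager and auditor, the group managers, the user alice and the context root are assumed names.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN"
  "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<!-- Added example, not from the tutorial. Role, group, user and
     context-root names are assumptions. -->
<sun-web-app>
  <context-root>/payroll</context-root>

  <!-- Step 4: the application's "manager" role is granted to every
       member of the realm group "managers". The group must already
       exist in the realm named in web.xml's login-config (step 3). -->
  <security-role-mapping>
    <role-name>manager</role-name>
    <group-name>managers</group-name>
  </security-role-mapping>

  <!-- A role may also be granted to individual realm users by name,
       for example an auditor who must not be placed in the managers
       group. Keep such entries rare: each one is a per-user change to
       the deployment rather than to the realm. -->
  <security-role-mapping>
    <role-name>auditor</role-name>
    <principal-name>alice</principal-name>
  </security-role-mapping>
</sun-web-app>
```

The group on the right-hand side has to exist in the realm first; for the file realm that is the administrator's job in step 3, done through the Admin Console or with `asadmin create-file-user --groups managers alice` (the command prompts for the password). One caveat when reviewing a deployment: the Application Server has a "Default Principal To Role Mapping" setting; when it is enabled, any role with no explicit mapping is mapped to a realm group of the same name, so an unmapped role silently becomes reachable by whoever an administrator later puts in a like-named group. Explicit mappings such as the ones above avoid that surprise.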
The Java EE 5 Tutorial · September 2007