Realm name in tomcat (web.xml)

tomcat security web.xml
Krishna picture Krishna · Jun 5, 2012 · Viewed 22k times · Source

What is the realm-name in the tomcat.

<login-config> 
     <auth-method>BASIC</auth-method> 
     <realm-name></realm-name> 
</login-config>

In the above code I have to fill the realm-name element. I have seen the following code in the server.xml file:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
            resourceName="UserDatabase"/>

Where is the realm-name specified? Is it the user name?

Answer

stevedbrown picture stevedbrown · Jun 5, 2012

Realm name is not the user name. It is the authentication realm, 'typically a description of the computer or system being accessed" - see http://en.wikipedia.org/wiki/Basic_access_authentication. This should be name that makes sense for the resource you are protecting.

Related questions

Using Apache httpclient for https

I have enabled https in tomcat and have a self-signed certificate for server auth. I have created an http client using Apache httpClient. I have set a trust manager loading the server certificate. The http client can connect with server …

Read More
Imported certificate to Java keystore, JVM ignores the new cert

I'm trying to get an application running on top of Tomcat 6 to connect to an LDAP server over SSL. I imported certificate of the server to keystore using: C:\Program Files\Java\jdk1.6.0_32\jre\lib\security>keytool -importcert -trustcacerts …

Read More
How can I restrict access to certain URLs by source IP in Tomcat?

I want to restrict access to certain URLs in my Tomcat webapp. Only 3 known IP addresses should be allowed access to URLs that fit a certain pattern. e.g. http://example.com:1234/abc/personId How can I achieve this?

Read More