<< Back to previous view

[GLASSFISH-3806] realm-name should not be used for security auth realm Created: 26/Oct/07  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: security
Affects Version/s: 9.1pe
Fix Version/s: not determined

Type: Improvement Priority: Major
Reporter: raharsha Assignee: raharsha
Resolution: Unresolved Votes: 0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: All
Platform: Linux

Issuezilla Id: 3,806
Participants: kumarjayanti, raharsha and Tom Mueller


<!-- The realm name element specifies the realm name to use in HTTP Basic
authorization. Used in : login-config. -->
Following is my understanding of use of realm-name under login-config in
web.xml. It is to be used as a logical entity to group users when requesting
client to authenticate.

<auth-realm classname="class name" name="jdbc_Digest_Realm_Name">

The information is also being used in glassfish to map to actual realm name of

element from domain.xml
<auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"

element from web.xml


Use of realm-name under login-config to map to name attribute under auth-realm
is not right and we should have a different way to configure backends
(JDBC/LDAP etc) for a app.

This also confuses developers using netbeans, as realm name is enabled only for
BASIC authentication, so they have to edit the xml manually to enter the realm

This may break backward compatibility.

Comment by kumarjayanti [ 29/Oct/07 11:51 PM ]

There is no BUG to be fixed here. The proposal is to make some changes in the
way the name attribute of an auth-realm is being used by current GF.

Marking it as an Enhancemen to be looked at in V3.

Comment by Tom Mueller [ 06/Mar/12 09:56 PM ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.

Generated at Mon Apr 21 02:43:45 UTC 2014 using JIRA 4.0.2#472.