Hi Everybody,
I am very new to the security filter concept. Can anybody explain to me how the filter works and the importance of the realm tag in securityfilter-config.xml?
Securityfilter works by intercepting requests before your servlet is accessed. It checks the Principal associated with the request against the roles that are allowed for the URL pattern. If there is no Principal, the user is asked to log in. If the user is logged in but the user is not allowed to see the page, then a 403 error is returned.
The <realm> tag is used by security filter to set up authentication (that's checking username and password). The realm's job is to take a username and password and make sure that they are valid -- usually looking them up in a database or something like that.
You can use your own hand-written realm, or re-use one that comes with Apache Tomcat.
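
The flow described in the reply above, as an added example that is not part of the original thread and is not SecurityFilter's own code: a simplified model of the filter's decision and of the realm's job. The `Realm` interface, `decide` method, URL prefixes, roles and credentials are all hypothetical, constructed for illustration.

```java
import java.util.*;

public class FilterDecisionDemo {
    enum Outcome { ALLOW, SEND_TO_LOGIN, FORBIDDEN_403 }

    // Hypothetical realm contract (not SecurityFilter's interface): return
    // the user's roles if the credentials are valid, or null if they are not.
    interface Realm { Set<String> authenticate(String user, String password); }

    // Constructed constraints: URL prefix -> roles allowed to access it.
    static final Map<String, Set<String>> CONSTRAINTS = new LinkedHashMap<>();
    static {
        CONSTRAINTS.put("/admin/", Set.of("admin"));
        CONSTRAINTS.put("/account/", Set.of("user", "admin"));
    }

    // roles == null models a request with no Principal (nobody logged in).
    static Outcome decide(String path, Set<String> roles) {
        for (Map.Entry<String, Set<String>> c : CONSTRAINTS.entrySet()) {
            if (!path.startsWith(c.getKey())) continue;
            // Protected URL: authentication is checked before authorization.
            if (roles == null) return Outcome.SEND_TO_LOGIN;
            return Collections.disjoint(roles, c.getValue())
                    ? Outcome.FORBIDDEN_403 : Outcome.ALLOW;
        }
        return Outcome.ALLOW; // no constraint matches: unprotected URL
    }

    public static void main(String[] args) {
        // Constructed in-memory realm; a real one would verify a salted
        // password hash held in a database or directory.
        Realm realm = (user, password) ->
                "alice".equals(user) && "correct-horse".equals(password)
                        ? Set.of("user") : null;

        // Unprotected page, then a protected page without a Principal.
        System.out.println(decide("/index.html", null));
        System.out.println(decide("/account/home", null));
        // A failed login leaves the request without a Principal.
        Set<String> failed = realm.authenticate("alice", "guess");
        System.out.println(decide("/account/home", failed));
        // A valid login: allowed where the role matches, 403 where it does not.
        Set<String> alice = realm.authenticate("alice", "correct-horse");
        System.out.println(decide("/account/home", alice));
        System.out.println(decide("/admin/users", alice));
    }
}
```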