geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: what is relation between a security-realm-name and a credential-store?
Date Mon, 05 Apr 2010 18:17:49 GMT

On Apr 5, 2010, at 10:41 AM, Sarah.kho wrote:

> Hi,
> Can you please let me know what is the relation between security-realm-name

a security realm is a way to go from credentials to a complete Subject that can be used for
authorization.  It has a name to identify it.

> and a credential-store which we can use in the geronimo-web.xml?

In Geronimo, all Subjects come from a security realm.  Therefore if you want a default subject
or a subject for a role to use in a run-as-role, you need some credentials to supply to the
security realm to get the subject out.  These are held in a credential store.  If you don't
want unauthenticated users to have any roles and you don't use run-as roles you don't need
a credential store.

dsvid jencks

> thanks.
> -- 
> View this message in context:
> Sent from the Users mailing list archive at

View raw message