Hi,
Like all web applications, I need to provide some kind of session
maintenance. Would the concept of a Realm help in this?
1. Is this the correct application/use of a realm?
2. Is a realm akin to a SSO/LDAP server, where the user's roles and mapping
to actions is stored?
3. How extensible is
1. This is not the usual use of a Realm.
2. Yes, a Realm is used to do the authentication of users, and to define
which Roles they belong to. The mapping to actions would normally be
handled by security-constraints or servlet code in the web-app.
3. o.a.c.Realm is an interface. You can plug
