what is the meaning of DataSource Realm?

[eros]

don't have any idea what is the meaning of DataSource Realm in Security..
it means.. it will check the user's name and password in database using SELECT statement..?

i receive this message

for the meantime i use UserDatabase realm (tomcat-users.xml) for mock authentication but we use the DataSource Realm in the future...

[davdres]

I believe this is referring to Apache Tomcat Security

[eros]

I believe this is referring to Apache Tomcat Security

Thanks a lot.... you enlightened me...

With connection to this, let me to give the overview of the requirements..

1) User will login using Windows Login Form via DB SQL select statement..
2) upon windows login form authenticated the user, it will pass an URL to Web Browser Component and do authentication again in the web app side using the DataSource Realm..

My problem is what type of Security do I need with regards to Spring Security 2.0.5....

[davdres]

I'm no expert, but my understanding is that Tomcat provides configurable mechanisms for authenticating a browser to the Web server. It does not provide any authorization functions. Spring Security provides a framework for managing both authentication and authorization. Spring Security also integrates with Tomcat but I don't have experience with the mechanisms of doing that. So if you only need authentication and your think your app will remain fairly static (ie. no growth or changing requirements) then you could just use Tomcat otherwise I'd recommend using Spring Security.

[eros]

i decided to use DaoAuthenticationProvider...

I extends/implements the following because I have different schema and would like to add more information to UserDetails:

1) extends DaoAuthenticationProvider
2) extends JdbcDaoImpl for my UserDetailsService
3) implements UserDetails with my User class...

anybody can share some example codes to start with,....

thanks..