Sun Java System Web Server 6.1 SP6 Programmer's Guide to Web Applications

Native Realm

The native realm is a special realm that provides a bridge between the core Sun Java System Web Server ACL-based authentication and the J2SE/Servlet authentication model. By using the native realm for Java web applications, it becomes possible to have the ACL subsystem perform the authentication (instead of having the Java web container do so) and yet have this identity available for Java web applications.

This functionality is provided by pluggable realm called NativeRealm, which acts as a bridge between the J2SE security subsystem and the access control security subsystem.

Depending on whether a security constraint is configured for a web application, the two modes of operation described below are supported by the native realm:

For more details about access control lists, see the Sun Java System Web Server 6.1 SP6 Administrator’s Guide.

Note –

While it is possible to apply both ACL access control rules and web.xml security constraints on a single application, this usage is discouraged. It may lead to duplicate authentication prompts or otherwise confusing behavior. You should always pick either core ACL or J2SE web.xml-based access control mechanisms for a given web application.