Realm name in tomcat (web.xml)

Question

What is the realm-name in the tomcat.

<login-config> 
     <auth-method>BASIC</auth-method> 
     <realm-name></realm-name> 
</login-config>

In the above code I have to fill the realm-name element. I have seen the following code in the server.xml file:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
            resourceName="UserDatabase"/>

Where is the realm-name specified? Is it the user name?

score 14 · Accepted Answer · answered Jun 05 '12 at 06:12

14

Realm name is not the user name. It is the authentication realm, 'typically a description of the computer or system being accessed" - see http://en.wikipedia.org/wiki/Basic_access_authentication. This should be name that makes sense for the resource you are protecting.

answered Jun 05 '12 at 06:12

stevedbrown

8,862
8
43
58

5

It's basically something you make up. It doesn't have to match anything, it should just make sense for your application. – stevedbrown Jun 07 '12 at 12:18

score 9 · Answer 2 · answered Jul 06 '13 at 13:42

The value <realm-name> element is used to calculate the digested value of a cleartext password, as described here http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#Digested_Passwords

If <realm-name> element is not specified in web.xml, the default value of "Authentication required" is used.

Realm name in tomcat (web.xml)

2 Answers2

Linked