https://docs.oracle.com/javaee/7/tutorial/doc/security-intro005.htm
A realm is a security policy domain defined for a web or application server.
A realm contains a collection of users, who may or may not be assigned to a group.
In some applications, authorized users are assigned to roles. In this situation, the role assigned to the user in the application must be mapped to a principal or group defined on the application server.
A realm is a complete database of users and groups identified as valid users of one or more applications and controlled by the same authentication policy.
Put simply, a realm is a way of implementing the user database. It can be stored in a file, in which case it is called a file realm, or in a certificate database, in which case it is called a certificate realm, and so on.
A group is purely a way of grouping users together for management convenience. It is defined at the service level.
A role is about access control: an abstraction of the relationship between a user and access to a resource. It is defined at the application level.
A role can be mapped to a user directly or indirectly via a group; either way, the goal is to grant the user access privileges.