Whats the Difference between a Server Authentication Module and a Pluggable Authentication Realm?
Both are externally developed security components that are integrated in the GlassFish server runtime. Prior to invoking a Realm, the Glassfish runtime (typically) extracts a user name and password from the received request message. The runtime passes the user name and password through the Realm interface to the Realm implementation integrated at the pluggability point. The Realm implementation attempts to validate the password against it’s repository, and on success, populates a JAAS subject with principals and credentials corresponding to the validated identity. In the Realm architecture, the Glassfish runtime, not the pluggable Realm is responsible for parsing the security information in the received message and extracting the information (that is, the user name and password) to be passed to the validation System (that is the Realm). The Realm interface is basically a pluggable password validation facility, which relies on the calling runtime to extract the username and password fro
