Tomcat comes out of the box with the following security realms, i.e. modules that does Authentication and Authorization.
| Name | CIS Tomcat 8 Benchmark Note * |
|---|---|
| JDBCRealm | NOT for Production |
| DataSourceRealm | |
| JNDIRealm (LDAP) | |
| UserDatabaseRealm | NOT for Large-Scale Installations |
| MemoryRealm | NOT for Production |
| JAASRealm | NOT widely used and therefore the code is not as mature as the other realms. |
*) CIS_Apache_Tomcat_8_Benchmark_v1.0.1.pdf
This leaves us with only two production ready realms: DataSourceRealm and JNDIRealm (LDAP)
There are two other Realms (CombinedRealm and LockOutRealm), but they do not do authentication and authorization.
No comments:
Post a Comment