Sometimes it’s easier to use server-based authentication than to implement your own. Just write a few lines of XML and everything works.
But what if your users don’t respect all the rules for a standard Tomcat authentication?
The smart guys from Tomcat have a solution for that. You can write your own Realm Authentication.
In my case I needed an SSL + LDAP authentication. Tomcat has standard authentication for each one, but not combined.
The SSL certificate provides a username that must be verified against LDAP (to check that the user has the right permissions).
A Realm authentication is defined by the org.apache.catalina.Realm interface. But it’s easier to extend RealmBase and override some methods instead of implementing Realm.
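
One way to combine the two checks by extending RealmBase, as an added example that is not the author's code. It assumes the Tomcat 9 API (older versions also require implementing getName()), that the username is the certificate's CN, and a hypothetical LDAP layout (posixGroup entries with memberUid, anonymous bind); CertLdapRealm, ldapUrl and groupBase are made-up names.

```java
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import org.apache.catalina.realm.*;

public class CertLdapRealm extends RealmBase {
    private String ldapUrl = "ldaps://ldap.example.com:636";   // placeholder URL
    private String groupBase = "ou=groups,dc=example,dc=com";  // placeholder base DN
    public void setLdapUrl(String v) { ldapUrl = v; }          // <Realm ldapUrl="..."/>
    public void setGroupBase(String v) { groupBase = v; }

    @Override // called by Tomcat for CLIENT-CERT logins
    public Principal authenticate(X509Certificate[] certs) {
        if (certs == null || certs.length == 0) return null;
        try {
            certs[0].checkValidity(); // chain trust was already checked by the TLS connector
            // Assumption: the username is the CN of the certificate subject
            for (Rdn rdn : new LdapName(certs[0].getSubjectX500Principal().getName()).getRdns())
                if ("CN".equalsIgnoreCase(rdn.getType())) return getPrincipal(rdn.getValue().toString());
        } catch (Exception e) {
            containerLog.warn("Client certificate rejected", e);
        }
        return null; // fail closed
    }

    @Override
    protected String getPassword(String username) { return null; } // password logins always fail

    @Override // roles = cn of every group that lists the user (assumed schema)
    protected Principal getPrincipal(String username) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl); // anonymous bind assumed
        List<String> roles = new ArrayList<>();
        try {
            DirContext ctx = new InitialDirContext(env);
            try { // {0} is escaped by JNDI, so the certificate name cannot alter the filter
                NamingEnumeration<SearchResult> res = ctx.search(groupBase,
                    "(&(objectClass=posixGroup)(memberUid={0}))", new Object[] { username },
                    new SearchControls());
                while (res.hasMore()) roles.add(res.next().getAttributes().get("cn").get().toString());
            } finally { ctx.close(); }
        } catch (Exception e) {
            containerLog.warn("LDAP lookup failed for " + username, e);
        }
        return roles.isEmpty() ? null : new GenericPrincipal(username, null, roles);
    }
}
```

A user whose certificate is valid but who belongs to no LDAP group gets no Principal, so the request is rejected rather than admitted without roles.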