...
- the authentication step, to ensure a user is who he claims to be (using credentials validation),
- the authorization step, to ensure the authenticated user is allowed to see a certain part of Datafari (be it admin pages or secured documents in the search results list).
To manage that propery, we rely on the Tomcat Realm mechanisms. Still, there was no existing realm to satisfy our needs, which are to do the authentication either on a remote LDAP/AD or on our MongoDB, and to do the authorization on our MongoDB (and Solr for the search part, but this is another story). This is why we have created CustomCombinedRealm and a user data model in our MongoDB.
...