11.4. Web Application Login

Web applications can use several styles of authentication, controlled by the login-config element in the web.xml deployment descriptor. For example, here's that section for a web application with form-based login:

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>My Application Realm</realm-name>
  <form-login-config>
    <form-login-page>/login/login.jsp</form-login-page>
    <form-error-page>/login/login-err.jsp</form-error-page>
  </form-login-config>
</login-config>

The question is, when a user logs in using the configuration here, which security realm will process their username and password and decide what access to grant them? In Geronimo, this is controlled by which realm is named in the security-realm-name element (see Section 11.3.5, “Security Settings”). Of course, that security realm must also be configured in Geronimo, using the process covered in Chapter 9, Security Configuration [DRAFT (1.0-pre)]. For example:

WEB-INF/geronimo-web.xml

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
      xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.0"
      configId="MyWebApp">
  <security-realm-name>
    geronimo-properties-realm
  </security-realm-name>
</web-app>

This deployment plan would result in the web container using a security realm named "geronimo-properties-realm", which is the standard realm in Geronimo containing the administrator account. If a different name were specified there, a security realm with that name would need to be configured to match.
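
The link between the two descriptors above can be checked before deployment. The following is an added example, not code from the original page or from Geronimo: a Python function (audit_login and its helpers are hypothetical names) that reads web.xml and geronimo-web.xml and reports a missing or unknown realm name. Assumptions: the caller supplies the set of realm names configured in the server, and a web application sharing the realm that holds the administrator account is treated as something to review.

```python
import xml.etree.ElementTree as ET

# Named on this page as the standard realm containing the administrator account.
ADMIN_REALM = "geronimo-properties-realm"

def _first(root, local_name):
    """Return the first element with this local name, ignoring XML namespaces."""
    for el in root.iter():
        if el.tag.split("}")[-1] == local_name:
            return el
    return None

def _text(root, local_name):
    """Trimmed element text (the plan above wraps the realm name in whitespace)."""
    el = _first(root, local_name)
    value = (el.text or "").strip() if el is not None else ""
    return value or None

def audit_login(web_xml, geronimo_web_xml, configured_realms):
    """Compare web.xml login-config with the plan's security-realm-name.

    configured_realms is an assumption: the realm names the operator knows
    are deployed in the server. Only parse descriptors you trust.
    """
    web = ET.fromstring(web_xml)
    plan = ET.fromstring(geronimo_web_xml)
    findings = []
    realm = _text(plan, "security-realm-name")
    if _first(web, "login-config") is not None and realm is None:
        findings.append("login-config present but the plan names no security realm")
    if realm is not None and realm not in configured_realms:
        findings.append(f"realm '{realm}' is not among the configured realms")
    if realm == ADMIN_REALM:
        findings.append("application logins share the realm that holds the administrator account")
    return {"auth_method": _text(web, "auth-method"), "realm": realm, "findings": findings}

# Constructed sample input, modelled on the two descriptors shown above.
WEB_XML = """<web-app>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>My Application Realm</realm-name>
  </login-config>
</web-app>"""
PLAN = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0" configId="MyWebApp">
  <security-realm-name>
    geronimo-properties-realm
  </security-realm-name>
</web-app>"""

if __name__ == "__main__":
    print(audit_login(WEB_XML, PLAN, {"geronimo-properties-realm"}))
```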