I read this comment: "don't use JDBCRealm at all: it does not scale at all since there is a single JDBC Connection object used for all database communication. You are better off using DataSourceRealm"
What does it mean in a greater detail?
Incase you don't know about why and what realms are- for JAVA web applications, authentication and authorization can be handled either by the application or by the container(Tomcat etc.). If one chooses to use the container, you need to specify a user-store(a place where usernames,hopefully encrypted passwords, roles etc are stored). This could even be your tomcat-users xml incase of Tomcat. Or you could use a database(MYSQL etc.) or a directory(Active Directory etc.) . Tomcat connects to the database using JDBC(your JDBC realm) and to the directory using JNDI(your DataSourceRealm).
Coming to your question JDBC connections are expensive, have pooling limitations, and suffer from high synchronization which means in a high load application, authentication may fail for some requests due to unavailability JDBC. JNDI has better pooling being read optimized, and as such gives better performance.