从某种意义上说，领域是服务器中的一些受保护区域/空间.领域应该有一个名字.如果我们从 只是声明(关于 realm):

领域:
要显示给用户的字符串，以便他们知道哪个用户名和使用密码.此字符串应至少包含执行身份验证的主机，并且可能另外指示可能具有访问权限的用户的集合.一个例子可能是registered_users@gotham.news.com".

In DropWizard, I can set up basic auth like so (in the Application#run impl):

BasicAuthProvider<SimplePrincipal> authProvider = new BasicAuthProvider(authenticator, "SECRET_REALM");
environment.jersey().register(authProvider);

I am wondering what the significance of the String realm ("SECRET_REALM") is?

From general security concepts, I understand a "realm" to be a place (database, directory, file, keystore, etc.) where users and roles/permissions are stored.

What does a realm mean in DropWizard, and what's the significance of specifying it inside BasicAuthProvider? Does it create something with this realm under the hood?

A realm is in a sense, some protected area/space in the server. The realm should have a name. If we run the example from this post, using cURL(which I recommend downloading, as it's useful in development), without any user credentials, we will see the following.

C:>curl -i  http://localhost:8080/simple
HTTP/1.1 401 Unauthorized
Date: Thu, 11 Dec 2014 18:55:02 GMT
WWW-Authenticate: Basic realm="Basic Example Realm"
Content-Type: text/plain
Transfer-Encoding: chunked

Credentials are required to access this resource.

This is how the Basic Auth Protocol works. When the server want the user agent to authenticate, to access a secured resource, it will send back a "401 Unauthorized", along with the header similar to

WWW-Authenticate: Basic realm="Basic Example Realm"

The name you provide to the BasicAuthProvider is the realm that will be provided in the header. You can see in the source code

if (required) {
    final String challenge = String.format(CHALLENGE_FORMAT, realm);
    throw new WebApplicationException(
                                    Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, challenge)
                    .entity("Credentials are required to access this resource.")
                    .type(MediaType.TEXT_PLAIN_TYPE)
                    .build());

Now try to access the resource from the browser. You will see

You can also see the realm name there. The RFC 2617 just states (about the realm):

realm:
A string to be displayed to users so they know which username and password to use. This string should contain at least the name of the host performing the authentication and might additionally indicate the collection of users who might have access. An example might be "registered_users@gotham.news.com".