Using the login module in the Ticket web
We can now apply the RoleDirect login module in the Ticket web application described
in Chapter 4, Learning Context and Dependency Injection (you could pick the version from
another chapter if you like). We will first show how to provide a BASIC web authentication,
and then we will show a slightly more complex example using FORM-based authen-
BASIC access authentication is the simplest way to provide a username and password
when making a request through a browser.
It works by sending an encoded string containing the user credentials. This
Base64-encoded string is transmitted and decoded by the receiver, resulting in
colon-separated username and password strings. From a security standpoint, BASIC
authentication is usually not the best solution: Base64 is an encoding, not encryption,
so the password can be stolen during transmission, and SSL is a must in order to protect it.
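As an added illustration (not code from the book), the following Java class shows what the receiver does with a BASIC Authorization header value, and why anyone who can read the request can do the same. The class name, the sample credentials and the choice of UTF-8 for decoding are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderDemo {

    /**
     * Parses the value of an Authorization header that uses the BASIC scheme.
     * Returns {username, password}, or null if the value is not well formed.
     */
    static String[] parse(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        // Expected shape: "Basic <base64 of username:password>"
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        // Assumption: credentials are UTF-8; the scheme itself does not fix a charset.
        String userPass = new String(raw, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the password may itself contain colons.
        int colon = userPass.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] { userPass.substring(0, colon), userPass.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials, encoded the way a browser would send them.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("demo-user:s3cr3t:with:colons".getBytes(StandardCharsets.UTF_8));
        System.out.println("Authorization: " + header);

        // No key or secret is needed to reverse the encoding.
        String[] creds = parse(header);
        System.out.println("username=" + creds[0] + " password=" + creds[1]);

        // Malformed or non-BASIC values are rejected rather than partially parsed.
        System.out.println("invalid Base64 rejected: " + (parse("Basic not*base64") == null));
        System.out.println("other scheme rejected: " + (parse("Bearer abc") == null));
    }
}
```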
Turning on web authentication requires the security-constraints element to be
defined in the web application configuration file (web.xml), as shown in the following
code snippet:
<web-app xmlns=""
. . . . . .
<description>application security constraints