Authentication
Java EE containers provide different types of authentication mechanisms:
HTTP Basic
Form-based
Digest
HTTP Basic Authentication
In HTTP basic authentication, the server requests a user name and password from the web client and verifies that
the user name and password are valid by comparing them against a database of authorized users in a specified or
default realm. Basic authentication is the default when you do not specify an authentication mechanism in the web
configuration file.
When basic authentication is used, the following steps occur:
1. A client requests access to a protected resource.
2. The web server returns a dialog box that requests the user name and password.
3. The client submits the user name and password to the server.
4. The server authenticates the user in the specified realm and, if successful, returns the requested resource.
Note: A realm is a store for the users and the groups of the system.
Form-Based Authentication
In form-based authentication, you can develop and customize login and error pages in your application. When
form-based authentication is declared in the web configuration file, the following steps occur:
1. A client requests access to a protected resource.
2. If the client is unauthenticated, the server redirects the client to a login page.
3. The client submits the login form to the server.
4. The server attempts to authenticate the user.
   a. If authentication succeeds, the authenticated user's principal is checked to ensure that it is in a role that is authorized to access the resource (Authorization). If the user is authorized, the server redirects the client to the resource by using the stored URL path.
   b. If authentication fails, the client is forwarded or redirected to an error page.
For a complete example of form-based authentication, check the section “Applying Managed Security in the
Weather Application.”
 
 