Java Reference
In-Depth Information
Note
BASIC-access authentication is the simplest way to provide a username and
password when making a request through a browser.
It works by sending an encoded string containing the user credentials. This
Base64-encoded string is transmitted and decoded by the receiver, resulting in
the colon-separated username and password strings.
Turning on web authentication requires the
security-constraints
element to
be defined in the web application configuration file (
web.xml
), as shown in the fol-
lowing code snippet:
<web-app>
. . . . . .
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAuth</web-resource-name>
<description>application security
constraints
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-role>
