HTTP Basic Authentication

The authentication mechanisms are discussed further in the following sections:
"HTTP Basic Authentication" on page 860
"Form-Based Authentication" on page 861
"HTTPS Client Authentication" on page 863
"Digest Authentication" on page 866
HTTP Basic Authentication
HTTP Basic Authentication requires that the server request a user name and password from the
web client and verify that the user name and password are valid by comparing them against a
database of authorized users. When basic authentication is declared, the following actions
occur:
1. A client requests access to a protected resource.
2. The web server returns a dialog box that requests the user name and password.
3. The client submits the user name and password to the server.
4. The server authenticates the user in the specified realm and, if successful, returns the
requested resource.
Figure 30-2 shows what happens when you specify HTTP basic authentication.
The following example shows how to specify basic authentication in your deployment
descriptor:
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
[FIGURE 30-2 HTTP Basic Authentication. Exchange between Client and Server: (1) Requests a protected resource; (2) Requests username:password; (3) Sends username:password; (4) Returns requested resource.]
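
Steps 2 through 4 as they appear in the HTTP headers, shown as an added example that is not code from the tutorial. The class name, the in-memory user table, and the realm name "example-realm" are constructed for illustration; a real container performs this check against its configured realm.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class BasicAuthExchange {
    // Constructed sample user table (plaintext only to keep the example short).
    static final Map<String, String> USERS = Map.of("alice", "s3cret:with:colons");

    // Step 2: value of the WWW-Authenticate header sent with a 401 response.
    static String challenge(String realm) {
        return "Basic realm=\"" + realm.replace("\"", "") + "\"";
    }

    // Step 3: value of the Authorization header the client sends back.
    // Base64 is an encoding, not encryption: anyone who sees this header can
    // recover the password, so the exchange must be carried over TLS.
    static String authorizationHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Step 4: server-side check. Returns the user name, or null when the
    // header is missing or malformed or the credentials do not match.
    static String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        int colon = decoded.indexOf(':'); // first colon: the password may contain ':'
        if (colon < 0) return null;
        String user = decoded.substring(0, colon);
        String expected = USERS.get(user);
        if (expected == null) return null;
        byte[] given = decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison avoids leaking how many leading bytes matched.
        return MessageDigest.isEqual(given, expected.getBytes(StandardCharsets.UTF_8)) ? user : null;
    }

    public static void main(String[] args) {
        System.out.println("WWW-Authenticate: " + challenge("example-realm"));
        String header = authorizationHeader("alice", "s3cret:with:colons");
        System.out.println("Authorization: " + header);
        System.out.println("authenticated as: " + authenticate(header));
        System.out.println("malformed header: " + authenticate("Basic !!!not-base64"));
    }
}
```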
Defining Security Requirements for Web Applications
The Java EE 5 Tutorial · September 2007
860