Digest Authentication

Like HTTP basic authentication, HTTP digest authentication authenticates a user based on a
user name and a password. However, rather than sending the password itself, the client
transmits a digest (a hash) computed from the password, which is much more secure than the
simple Base64 encoding used by basic authentication (Base64 is a reversible encoding, not
encryption, so a basic-auth header exposes the password to anyone who can read it). Digest
authentication is not currently in widespread use and is not implemented in the Application
Server; therefore, it is not discussed further in this document.
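The following is an added example, not code from the Java EE 5 Tutorial or from the Application Server, that works through the difference the paragraph above describes. It builds a Basic header and shows that decoding it yields the password, then builds and verifies an HTTP Digest exchange using the sample parameters from RFC 2617 (user "Mufasa", realm "testrealm@host.com", password "Circle Of Life", the RFC's nonce and cnonce) so the result can be checked against the published value. The server side keeps only H(A1) per user rather than the password, rejects nonces it did not issue, binds the check to the method and URI actually being served, and compares in constant time. All function names are my own; the scheme's MD5 construction is what the RFC specifies, and a captured digest still allows offline guessing of weak passwords, so the exchange should ride on TLS regardless.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample values: these are the worked-example parameters from
# RFC 2617 (HTTP Digest Access Authentication), so the expected response is known.
REALM = "testrealm@host.com"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
USERNAME = "Mufasa"
PASSWORD = "Circle Of Life"


def md5_hex(text: str) -> str:
    """Hex MD5 of a string; MD5 is the hash the published Digest scheme specifies."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Basic scheme: 'user:password' is merely Base64-encoded."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def decode_basic(header: str) -> str:
    """Anyone who sees a Basic header recovers the credentials with one decode."""
    return base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")


def digest_ha1(username: str, realm: str, password: str) -> str:
    """H(A1) = MD5(user:realm:password): the only step that touches the password.
    A server may store this value per user instead of the plaintext password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, nonce: str, method: str, uri: str,
                    qop: str = "auth", nc: str = "00000001",
                    cnonce: str = "0a4f113b") -> str:
    """The 'response' value that goes into the Authorization: Digest header."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    # Legacy (RFC 2069) form for challenges that carry no qop directive
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def digest_header(username: str, password: str, realm: str, nonce: str,
                  method: str, uri: str, qop: str = "auth",
                  nc: str = "00000001", cnonce: str = "0a4f113b") -> str:
    """Client side: build the Authorization header; the password never appears in it."""
    ha1 = digest_ha1(username, realm, password)
    resp = digest_response(ha1, nonce, method, uri, qop, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop={qop}, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def parse_digest_header(header: str) -> dict:
    """Parse 'Digest k="v", k=v, ...' into a dict (quoted and bare values)."""
    body = header.split(" ", 1)[1]
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', body)
    return {key: quoted or bare for key, quoted, bare in pairs}


def verify_digest(header: str, method: str, uri: str, realm: str,
                  expected_nonce: str, ha1_store: dict) -> bool:
    """Server side: recompute the response from a stored H(A1) and compare it in
    constant time. Rejects unknown users, a realm or nonce the server did not
    issue, and a header whose uri does not match the request being served, so a
    captured header cannot be reused for a different method or resource."""
    p = parse_digest_header(header)
    ha1 = ha1_store.get(p.get("username", ""))
    if (ha1 is None or p.get("realm") != realm
            or p.get("nonce") != expected_nonce or p.get("uri") != uri):
        return False
    expected = digest_response(ha1, expected_nonce, method, uri,
                               p.get("qop", ""), p.get("nc", ""), p.get("cnonce", ""))
    return hmac.compare_digest(expected, p.get("response", ""))


if __name__ == "__main__":
    basic = basic_header(USERNAME, PASSWORD)
    print("Basic header decodes to:", decode_basic(basic))
    hdr = digest_header(USERNAME, PASSWORD, REALM, NONCE, "GET", "/dir/index.html")
    print("Digest header:", hdr)
    store = {USERNAME: digest_ha1(USERNAME, REALM, PASSWORD)}  # server keeps H(A1) only
    print("Server accepts GET:", verify_digest(hdr, "GET", "/dir/index.html", REALM, NONCE, store))
    print("Same header as POST:", verify_digest(hdr, "POST", "/dir/index.html", REALM, NONCE, store))
```

The server in this example accepts a nonce only if it matches the one it issued for the current challenge; a production implementation additionally expires nonces and tracks the nc counter so that an intercepted header cannot be replayed even for the same method and URI.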
FIGURE 30-5 User Name- and Password-Based Mutual Authentication

[Figure: a client holding a trustStore (containing server.cert) and a server holding server.keystore (containing server.cert) exchange the following steps.]
1. Client requests protected resource
2. Server presents certificate
3. Client verifies certificate
4. Client sends username:password
5. Client accesses protected resource
Defining Security Requirements for Web Applications
The Java EE 5 Tutorial · September 2007