Pet store app does not use any web based authentication i.e form based etc and instead uses application level authetication based on DB. My question is that, in form based authentication, web container sends security context (user/role etc) with every request. How is it done if I use application level authentication? Hidden fields on each page? I am not clear. Also why couldn't form based authentication used with DB realm? What is the advantage of using application level authentication?