
Authentication type

Hendy Setyo Mulyo
Ranch Hand

Joined: Dec 01, 2004
Posts: 219

Hi ranchers,

This is taken from


Given the following extract from a deployment descriptor, which of the following statements regarding authentication are true? [Check all correct answers]

1. The user interface used to capture the username and password can be customised with its own look-and-feel.
2. The username and password is encoded using the Base64 mechanism before being sent to the server.
3. This authentication method is supported by all browsers.
4. This authentication method is supported by all servlet containers that conform to the servlet specification.
5. When a protected resource is requested, the browser opens a dialog box prompting for a username and password.

The answer is: 1, 3, 4
(My answer was: 1, 2, 3, 4)

I understand that FORM auth type is similar to BASIC auth type in the way of sending the password. But I also know that BASIC auth will encode the password in Base64, so why doesn't FORM encode it?
Is the answer correct?

Hendy Setyo Mulyo
SCJP 1.4 (95%), SCWCD 1.4 (94%)
Manju Devarla
Ranch Hand

Joined: Dec 14, 2006
Posts: 85
Using FORM auth type, the username and password are sent back in the request with no encryption.
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 951

Using BASIC authentication, the username and password are sent using Base64 encoding, but when you use FORM-based authentication they are sent in clear text.


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Note that base-64 is an encoding, not an encryption, so it is easily reversed. If you want the password to be transferred securely, use SSL.
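Added example, not part of the original thread: a small Java program showing that the credentials in a BASIC request and in a FORM login request are equally readable from the raw HTTP text, which is why the replies above point to SSL rather than to Base64. The two requests, host name, path, user name and password are constructed sample values; `j_security_check`, `j_username` and `j_password` are the names the servlet specification defines for FORM login, and the code assumes Java 10 or later for `URLDecoder.decode(String, Charset)`.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CredentialsOnTheWire {

    // Constructed sample requests; host, path, user name and password are made up.
    static final String BASIC_REQUEST =
        "GET /secure/report HTTP/1.1\r\n" +
        "Host: app.example.test\r\n" +
        "Authorization: Basic " +
        Base64.getEncoder().encodeToString("alice:s3cret!".getBytes(StandardCharsets.UTF_8)) +
        "\r\n\r\n";

    static final String FORM_REQUEST =
        "POST /app/j_security_check HTTP/1.1\r\n" +
        "Host: app.example.test\r\n" +
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n" +
        "j_username=alice&j_password=s3cret%21";

    /** Returns "user:password" as readable from the raw request text, or null if none found. */
    static String recover(String rawRequest) {
        String[] parts = rawRequest.split("\r\n\r\n", 2);
        // BASIC: the header value is Base64 of "user:password"; decoding needs no key.
        for (String header : parts[0].split("\r\n")) {
            if (header.regionMatches(true, 0, "Authorization: Basic ", 0, 21)) {
                byte[] decoded = Base64.getDecoder().decode(header.substring(21).trim());
                return new String(decoded, StandardCharsets.UTF_8);
            }
        }
        // FORM: the body is plain URL-encoded form fields; only percent-escapes need undoing.
        String user = null, pass = null;
        String body = parts.length > 1 ? parts[1] : "";
        for (String pair : body.split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length < 2) continue;
            String value = URLDecoder.decode(kv[1], StandardCharsets.UTF_8);
            if (kv[0].equals("j_username")) user = value;
            if (kv[0].equals("j_password")) pass = value;
        }
        return (user != null && pass != null) ? user + ":" + pass : null;
    }

    public static void main(String[] args) {
        System.out.println("BASIC: " + recover(BASIC_REQUEST));
        System.out.println("FORM:  " + recover(FORM_REQUEST));
    }
}
```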