aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Authentication type Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Authentication type" Watch "Authentication type" New topic
Author

Authentication type

Hendy Setyo Mulyo
Ranch Hand

Joined: Dec 01, 2004
Posts: 219

Hi ranchers,

This is taken from www.j2eecertificate.com

<web-app>
....
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/signin.jsp</form-login-page>
<form-error-page>/signin_error.jsp</form-error-page>
</form-login-config>
</login-config>
...
</web-app>

Given the following extract from a deployment descriptor, which of the following statements regarding authentication are true? [Check all correct answers]

1. The user interface used to capture the username and password can be customised with its own look-and-feel.
2. The username and password is encoded using the Base64 mechanism before being sent to the server.
3. This authentication method is supported by all browsers.
4. This authentication method is supported by all servlet containers that conform to the servlet specification.
5. When a protected resource is requested, the browser opens a dialog box prompting for a username and password.

The answer is: 1, 3, 4
(My answer was: 1, 2, 3, 4)

I understand that FORM auth type is similar to BASIC auth type in the way of sending the password. But I also know that BASIC auth will encode the password in Base64, so why the FORM doesnt encode?
Is the answer correct?
Thanks.


Hendy Setyo Mulyo
SCJP 1.4 (95%), SCWCD 1.4 (94%)
Manju Devarla
Ranch Hand

Joined: Dec 14, 2006
Posts: 85
Using Form auth type, Username and password are sent back in the Request with no encryption
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
Hi,

Using BASIC authentication the username and password sent using base64 encoding, but when you use FORM base authentication they are sent in clear text.

Thanks


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41571
    
  54
Note that base-64 is an encoding, not an encryption, so it is easily reversed. If you want the password to be transferred securely, use SSL.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authentication type