File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Http Digest Authentication and HttpsClient Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Http Digest Authentication and HttpsClient Authentication" Watch "Http Digest Authentication and HttpsClient Authentication" New topic

Http Digest Authentication and HttpsClient Authentication

Chandra Bairi
Ranch Hand

Joined: Sep 12, 2003
Posts: 152
Hello all,
I am very sorry if this a silly question. But what are the different types of authentication? and what exactly is Http Digest Authentication and Https Client authentication. can i get an article which can give me some information about the different authentication mechanisms?
thanks in advance.

Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
Here's is a very quick explanation:
authentication mechanism:
Digest: it is more secure than basic authentication (read basic auth explanation) because the password is sent in MD5 format. But it is not supported by all browsers and the servlet spec doesn't force the containers to implement it.

HTTPS Client: This authentication uses secure socket layer. An SSL connection is established between client-server and all data is sent encrypted. It is the most expensive to implement though.
Basic: Very basic. Username/password is sent in plain text. have you tried accessing web pages and always get a pop up window asking you for a username/pwd for a particular realm. Well, that's basic authentication, in most cases.
FORM-based: It's the same as basic authentication, but you have a bit more flexibility. You can create your own html form (just to improve the look and feel of the user interface -basic authentication does not allow you to modify the pop up window-). Again, password is sent in plain text.
A very quick explanation. You might want to search separately each term, you probably find more results that way.

I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
I agree. Here's the link:
subject: Http Digest Authentication and HttpsClient Authentication
jQuery in Action, 3rd edition