HTTP basic authentication

In basic authentication, a Web server requests a Web client to authenticate the user. The Web client obtains the username and the password from the user through a login box and transmits them to the Web server. The Web server then authenticates the user in the specified realm. Though it is quite easy to set up, it is not secure because simple base64 encoding is used. It is supported by all the common browsers.
HTTP digest authentication

The HTTP digest authentication also gets the username/password details in a manner similar to that of basic authentication. However, the authentication is performed by transmitting the password in an encrypted form. Only some Web browsers and containers support it.

Form-based authentication

Form-based authentication allows a developer to control the look and feel of the login screens. The login form must contain fields for entering a username and password. These fields must be named j_username and j_password, respectively.
Form-based authentication has the same lack of security as basic authentication because the user password is transmitted as plain text and the target server is not authenticated. However, it is quite easy to implement and is supported by most of the common browsers.
HTTPS client authentication

End-user authentication using HTTP over SSL (HTTPS) requires the user to possess a public key certificate (PKC). All the data is transmitted after incorporating public key encryption. It is the most secure authentication type and is supported by all the common browsers.
I think now you can figure out what to use yourself.