sometimes when I go to certain secure sites, there will be a native popup initiated by the browser to input user name and password. this is similar to when you go to an ftp site, it sometimes require you to log in. How does this work? How would I initiate this from the server side? thanks
It's called Basic Authentication. And, it's implemented by you setting the appropriate header and status in your resoponse back to the client. Another way is to just specify via your deploment descriptor (web.xml) which resources are protected. Just search the net or take a look at the example in chapter 4 of the following very good book.