Can <auth-method> have a vendor-specific authentication scheme? In one of my mock questions I found
this as the correct answer. Could someone please provide an example of a vendor-specific authentication scheme?
Thanks in advance.
...In one of my mock questions I found this as the correct answer. Could someone please provide an example of a vendor-specific authentication scheme?
Thanks in advance.
Please specify the source of the mock question. As such <auth-method> can take only one of the four values in DD.
It is possible to include vendor-specific authentication. Suppose the container/server uses BASIC authentication for the constrained resource. When a request comes to the constrained resource, the container checks whether the resource is constrained or not. If it is constrained, it uses its BASIC authentication, which is actually based on HTTP headers, and sends a response to the client with a header like,
WWW-Authenticate: Basic realm="container/server related realm name"
As we know, Basic authentication uses the Base64 encoding algorithm. The browser then pops up a window asking for a username and password. When the user enters them, it encodes the username and password with the Base64 algorithm and sends the encoded values to the container through HTTP headers. Then the server decodes them, gets the actual username and password, and goes on to the next step, authorization.
The above procedure shows the way to use 'vendor-specific authentication' (I am guessing this). Suppose the vendor wants to use 'symmetric key cryptographic techniques' for the encryption and decryption, and they made an algorithm based upon this cryptography and want to use this type in authentication through HTTP headers. Then the vendor provides an authentication method like .
When a request comes to the constrained resource, it uses this authentication method and provides the response to the client with a header like,
WWW-Authenticate: Symmetric realm="container/server related realm name"
Then the browser has to know how to deal with this type of authentication header. To deal with this type of header, it must have the symmetric key cryptographic software installed in it, as the container has. When the user enters a username and password, it encrypts them with these cryptographic techniques and sends the request to the client. Then the container decrypts it and moves to the next step, 'authorization'.
It is even possible to use a different protocol, i.e. not HTTP. For more information, see this.
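
The Basic exchange described in the post above, written out as an added example that is not part of the original thread or any container's own code. It shows both header values and a container-side parser that rejects malformed input; note that decoding needs no key, because Base64 is an encoding rather than encryption. The class name, realm and credentials are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthDemo {

    // Challenge the container sends with a 401 for a constrained resource.
    static String challenge(String realm) {
        return "Basic realm=\"" + realm + "\"";
    }

    // What the browser puts in the Authorization header after the login pop-up.
    static String clientHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Container side: recover {user, password}, or empty if the header is unusable.
    static Optional<String[]> parse(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return Optional.empty();          // absent, or a scheme we do not handle
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty();          // not valid Base64
        }
        int colon = decoded.indexOf(':');     // first colon only: passwords may contain ':'
        if (colon < 0) {
            return Optional.empty();          // no user/password separator
        }
        return Optional.of(new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)});
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println("WWW-Authenticate: " + challenge("example-realm"));
        String header = clientHeader("alice", "s3cr:et");
        System.out.println("Authorization: " + header);
        // No key is involved: anyone who sees the header recovers the password.
        parse(header).ifPresent(c -> System.out.println(c[0] + " / " + c[1]));
        for (String bad : new String[] {null, "Symmetric abc", "Basic !!!", "Basic bm9jb2xvbg=="}) {
            System.out.println(bad + " -> accepted=" + parse(bad).isPresent());
        }
    }
}
```

Because the password is recoverable from the header alone, BASIC is normally paired with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` in the deployment descriptor so the exchange only happens over TLS.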