File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Does <auth-method> can have vendor-specific authentication scheme? Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


JavaRanch » Java Forums » Professional Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply Bookmark "Does <auth-method> can have vendor-specific authentication scheme?" Watch "Does <auth-method> can have vendor-specific authentication scheme?" New topic
Author

Does <auth-method> can have vendor-specific authentication scheme?

Maciek Mike
Greenhorn

Joined: Feb 03, 2010
Posts: 22
posted private message
Quote
Hi,

Does <auth-method> can have vendor-specific authentication scheme? In one of my mock questions I found
this as the correct answer. Could someone please provide any example of vendor-specifiv authentication scheme?
Thanks in advance.
SCJP 5.0 (94%), SCJD (388/400), SCWCD (97%)
chandan kumar mitwaa
Ranch Hand

Joined: Jul 01, 2009
Posts: 49
posted private message
Quote
Maciek Mike wrote:Hi,

...In one of my mock questions I found this as the correct answer. Could someone please provide any example of vendor-specifiv authentication scheme?
Thanks in advance.



Please specify the source of the mock question. As such <auth-method> can take only one of the four values in DD.

Thanks,
Chandan Kumar
Maciek Mike
Greenhorn

Joined: Feb 03, 2010
Posts: 22
posted private message
Quote
I found it in whizlabs
Chinmaya Chowdary
Ranch Hand

Joined: Apr 21, 2008
Posts: 432
posted private message
Quote
Hi, Maciek.

It is possible to include vendor-specific authentication. Suppose container/server uses BASIC authentication for the constrained resource. When a request comes to the constrained resource, container checks wether the resource is constrained or not? If it is constrained uses its BASIC authentication, which actually based on HTTP headers and sends response to the client with header like,
WWW-Authenticate: Basic realm="container/server related realm name"
Since we know Basic authentication uses Base64 encoding alogorithm. Then browser pop ups the window asking for username and password. When user enters it, then it encodes the username and password with base64 algorithm and sends the encoded values to the container through HTTP headers. Then server decodes them and gets the actual username and passwords and goes to another step autherization.

The above procedure shows the way to use 'vendor-specific authentication'(I am guessing this). Suppose if the vendor wants to use 'Symmetric key crytographic techniques' for the encryption and decryption. And if they made an algorithm based upon this cryptography and wants to use this type in authentication through HTTP headers. Then vendor provides authentication method like .

When a request comes to the constrained resouce, then it uses this authentication method and provides the response to the client with header like,
WWW-Authenticate: Symmetric realm="container/server related realm name"
. Then browser has to know how to deal with this type of authentication header. To deal with this type of header, it must have symmetric key crypthographic software installed in it as the container included. When user enters username and password encrypts it with this cryptograhic techniques and sends the request to the client. Then container decrypts it and moves to the next step 'autherization'.

It is even possible to use different protocol, like not using HTTP. More information, see this.
Maciek Mike
Greenhorn

Joined: Feb 03, 2010
Posts: 22
posted private message
Quote
thanks very much for your great answer
 
 
subject: Does <auth-method> can have vendor-specific authentication scheme?
 
developer file tools