aspose file tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Authentication" Watch "Authentication" New topic


Anup Om
Ranch Hand

Joined: Dec 30, 2009
Posts: 62

When FORM based authentication is used, the container creates a session and it uses this session to track further requests for constrained URLs (and not ask for login information again).

But, when BASIC authentication is used, how does the container track requests for constrained resources?

Thanks for help in advance.

Frits Walraven
Creator of Enthuware JWS+ V6

Joined: Apr 07, 2010
Posts: 1927

Hi Anu,

With BASIC authentication the same thing applies: it is up to the servlet container to handle that

According to the specs (SRV.12.6 Server Tracking of Authentication Information)
As the underlying security identities (such as users and groups) to which roles are
mapped in a runtime environment are environment specific rather than application
specific, it is desirable to:
1. Make login mechanisms and policies a property of the environment the web
application is deployed in.
2. Be able to use the same authentication information to represent a principal to
all applications deployed in the same container, and
3. Require re-authentication of users only when a security policy domain boundary
has been crossed.
Therefore, a servlet container is required to track authentication information
at the container level (rather than at the web application level). This allows users
authenticated for one web application to access other resources managed by the
container permitted to the same security identity.

This makes it even possible to be authenticated for a number of web applications in the same JRE.

I agree. Here's the link:
subject: Authentication