You can implement authentication yourself. Basically it is about checking username and password against a list of users that are allowed to use your web-app.
HTTP provides you a couple of solutions so why not make use of those, but programmatically everything is possible of course
Joined: Jan 20, 2010
ok.. so DD is not absolutely neccesary to carry out authentication in a webapp.
Joined: Jul 14, 2008
Using DD for authentication is one of the solution and not the only solution...
You can manage your list of user names / passwords in any secure way be it a database or LDAP ...
~ Alagesh (SCWCD - 91 %)
"Education's purpose is to replace an empty mind with an open one"
Joined: Oct 14, 2008
Besides reimplementing form-based authentication, you can also re-implement basic authentication. It's just a matter of checking for appropriate HTTP "Authorization" headers, and returning 401 status responses if they're missing.
Joined: Oct 07, 2004
Parth Twari wrote:Is there any kind of programatic authentication? I had read about programmatic authorization .But as far as i know about authentication you have to use the DD's element <login-config> .
But HF page 846 , Q. 37 says
It is not necessary to use DD of the application in order to verfiy that users are who they say they are. Use programmatic authentication instead.
What is right ?
Regarding the older Servlet Specification, you can use
in order to verify that users are who they say they are.
I think that real programmatic authentication is introduced with Servlet 3.0 spec in HttpServletRequest :
It uses the container login mechanism configured for the ServletContext to authenticate the user making this request.
No additional configuration is necessary to have the login popup window displayed.
Only a .
With Servlet 3.0. there is more there for programmatic authentication :