Besides reimplementing form-based authentication, you can also re-implement basic authentication. It's just a matter of checking for appropriate HTTP "Authorization" headers, and returning 401 status responses if they're missing.
Parth Twari wrote:Is there any kind of programatic authentication? I had read about programmatic authorization .But as far as i know about authentication you have to use the DD's element <login-config> .
But HF page 846 , Q. 37 says
It is not necessary to use DD of the application in order to verfiy that users are who they say they are. Use programmatic authentication instead.
What is right ?
Regarding the older Servlet Specification, you can use
in order to verify that users are who they say they are.
I think that real programmatic authentication is introduced with Servlet 3.0 spec in HttpServletRequest :
It uses the container login mechanism configured for the ServletContext to authenticate the user making this request.
No additional configuration is necessary to have the login popup window displayed.
Only a .
With Servlet 3.0. there is more there for programmatic authentication :