• The main purpose of authentication is to verify a user’s access to a protected segment of the web application
  • Authentication is of two types, namely basic authentication and form-based authentication

The responsibilities of authentication systems are:

  • Verify the user and provide a safe communication passage
  • Gather information about the way the user accesses the system

J2EE supports four types of authentication mechanisms:

  • HTTP Basic Authentication
  • Form-based Authentication
  • Client/Server Mutual Authentication
  • HTTP Digest Authentication

Java Container Authentication

  • Authentication in a web application is role-based, i.e., a user needs to be assigned a role in order to access the web application, e.g., a customer, developer or manager
  • A role is granted access only after the container has established the user's identity; in all other cases access is denied and an HTTP 401 status code is returned
  • The role and user information already stored in the web application's database is compared with the credentials presented by the user who wants to access the web application
  • Once the user has been successfully validated, the web application assigns the user's roles through one of the following methods:
    – JDBC Login Module
    – LDAP Login Module
    – Windows Login Module
    – Custom JAAS Login Module
  • In Java, the container (e.g., Tomcat, JBoss) performs the authentication process on behalf of the web application
  • The results of the authentication are passed on to the web application, so the application itself does not need to implement authentication code such as HTTP Basic or NTLM