Summary of Authentication types
This table summarizes key attributes of the four authentication types. “Spec” refers to whether this type of authentication mechanism is defined in the HTTP spec or the J2EE spec. (Hint: you’ll need to remember this table when you take the exam.)
Type | Spec | Data Integrity | Comments |
---|---|---|---|
BASIC | HTTP | Base64 - weak | HTTP standard, all browsers support it |
DIGEST | HTTP | Stronger - but not SSL | Optional for HTTP and J2EE containers |
FORM | J2EE | Very weak, no encryption | Allows a custom login screen |
CLIENT-CERT | J2EE | Strong - public key (PKC) | Strong, but users must have certificates |