Summary of Authentication types

This table summarizes key attributes of the four authentication types. “Spec” refers to whether this type of authentication mechanism is defined in the HTTP spec or the J2EE spec. (Hint: you’ll need to remember this table when you take the exam.)

Type	Spec	Data Integrity	Comments
BASIC	HTTP	Base64 - weak	HTTP standard, all browsers support it
DIGEST	HTTP	Stronger - but not SSL	Optional for HTTP and J2EE containers
FORM	J2EE	Very weak, no encryption	Allows a custom login screen
CLIENT-CERT	J2EE	Strong - public key, (PKC)	Strong, but users must have certificates

There are no Dumb Questions

Q:
Q: What does data integrity have to do with Authentication?
A:
A: When you’re authenticating a user, she’s sending you her username and password. Data integrity and confidentiality refers to the degree to which an eavesdropper can steal or tamper with this information. In a moment, we’ll talk about how to implement data integrity and confidentiality during login.
Data integrity means that the data that arrives is the same as the data that was sent. In other words, nobody tampered with it along the way. Data confidentiality means that nobody else can see the data along the way. Most of the time, though, we treat data integrity and confidentiality as a single goal—things you do to protect data during transmission.

Get Head First Servlets and JSP, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Head First Servlets and JSP, 2nd Edition by Kathy Sierra, Bryan Basham, Bert Bates

Summary of Authentication types

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly