0" encoding="ISO-8859-1"?>
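<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation=
           "http://java.sun.com/xml/ns/j2ee
            http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
  <error-page>
    <exception-type>coreservlets.DumbDeveloperException</exception-type>
    <location>/WEB-INF/jspPages/DDE.jsp</location>
  </error-page>
</web-app>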
Chapter 2 – Controlling Web Application Behavior with web.xml 78
2.10 Providing Security
Use of the server's built-in capabilities to manage security is discussed in Chapter 3
(Declarative Security). This section summarizes the web.xml elements that relate to
this topic.
Designating the Authentication Method
You use the login-config element to specify how the server should authenticate
users who attempt to access protected pages. It contains three possible subelements:
auth-method, realm-name, and form-login-config.
auth-method
This subelement of login-config lists the specific authentication mechanism
that the server should use. Legal values are BASIC, DIGEST, FORM, and
CLIENT-CERT. Servers are only required to support BASIC and FORM.
BASIC specifies that standard HTTP authentication should be used, in
which the server checks for an Authorization header, returning a 401 status
code and a WWW-Authenticate header if the header is missing. This causes
the client to pop up a dialog box that is used to populate the Authorization
header.
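The BASIC exchange described above, modeled in Python as an added example (not code from the book or from any server); the realm, the user table and all function names are constructed for illustration. It shows both halves of the exchange and that the Authorization header carries the username and password base64-encoded rather than encrypted.

```python
import base64
import binascii
import hmac

REALM = "Example Realm"             # constructed; stands in for the realm-name value
USERS = {"alice": "correct-horse"}  # constructed credential store

def challenge():
    """401 plus WWW-Authenticate: this is what triggers the browser dialog box."""
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

def parse_basic(value):
    """Return (user, password) from an Authorization value, or None if malformed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # only the first ':' separates
    return (user, password) if sep else None

def handle(headers):
    """Model of the server-side check in front of a protected page."""
    value = headers.get("Authorization")
    creds = parse_basic(value) if value is not None else None
    if creds is None:
        return challenge()                      # header missing or unusable
    user, password = creds
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return challenge()                      # wrong credentials: ask again
    return 200, {}

def client_header(user, password):
    """What the browser sends after the dialog: base64 encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}

if __name__ == "__main__":
    print(handle({}))                                    # first request, no header
    print(handle(client_header("alice", "correct-horse")))
    print(parse_basic("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))  # trivially reversible
```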