Head First Servlets and JSP, 2nd Edition by Bert Bates, Bryan Basham, Kathy Sierra

How to Authenticate in HTTP World: the beginning of a secure transaction

Let’s start with a look at the communications that occur between a browser and a web container when the client asks for a secure resource on the web site. It’s BASIC, really.

The HTTP perspective...

1 The browser makes a request for a web resource, “update.jsp”.

2 The server determines that “update.jsp” is a constrained resource.

3 The container sends back an HTTP 401 (“Unauthorized”), with a WWW-Authenticate header and realm information.

4 The browser gets the 401, and, based on the Realm info, asks the user for his username and password.

5 The browser asks for “update.jsp” again (stateless, remember), but this time the request includes a security HTTP header, and a username and password.

6 The Container verifies that the username and password match, and if they do, performs authorization.

7 If all the security stuff is good, the Container returns the HTML; if not, it returns another HTTP 401...
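
The exchange in steps 1 through 7, modeled from the container's side for BASIC authentication. This is an added example, not code from the book; the realm name, user table and function names are constructed for illustration. It also shows that the credentials sent in step 5 are only Base64-encoded, so they are readable by anyone on the path unless the connection uses TLS.

```python
import base64
import hmac

REALM = "Constructed Realm"        # assumption: any realm name the container is configured with
CONSTRAINED = {"/update.jsp"}      # step 2: resources the container treats as constrained
USERS = {"annie": "s3cret:pw"}     # constructed sample; a real container stores password hashes


def browser_header(user, password):
    """Step 5: the header the browser adds on the retry. Base64 is encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def parse_basic(header):
    """Return (username, password) from an Authorization header value, or None if unusable."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:             # covers bad Base64 and bad UTF-8
        return None
    # Split on the first colon only: the password itself may contain ':'.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def handle(path, headers):
    """Steps 2, 3, 6 and 7: return (status, response_headers) for one stateless request."""
    if path not in CONSTRAINED:
        return 200, {}
    creds = parse_basic(headers.get("Authorization"))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user, "")
        # Constant-time comparison avoids leaking how much of the password matched.
        matches = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
        if matches and user in USERS:
            return 200, {}         # authenticated (role-based authorization is not modeled here)
    # Steps 3 and 7: no credentials or bad credentials both produce the same challenge.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
```
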
