Authentication Types (Sun GlassFish Enterprise Server v3 Administration Guide)

Sun GlassFish Enterprise Server v3 Administration Guide

Authentication Types

Within its deployment descriptors, an application specifies the type of authentication that it uses. Enterprise Server supports the following types of authentication:

BASIC: Uses the server's built-in login dialog box. The communication protocol is HTTP (SSL optional). There is no user-credentialed encryption unless using SSL.
FORM: The application provides its own custom login and error pages. The communication protocol is HTTP (SSL optional). There is no user-credentialed encryption unless using SSL.
CLIENT-CERT: The server authenticates the client using a public key certificate. The communication protocol is HTTPS (HTTP over SSL). User-credentialed encryption is SSL.
DIGEST: The server authenticates a user based on a user name and a password. The authentication is performed by transmitting the password in an encrypted form which is much more secure than the simple Base64 encoding used by BASIC authentication. The communication protocol is HTTPS.