The Java EE 6 Tutorial, Volume I

Step 1: Initial Request

In the first step of this example, the web client requests the main application URL. This action is shown in Figure 23–1.

Figure 23–1 Initial Request

Diagram of initial request from web client to web server
for access to a protected resource

Since the client has not yet authenticated itself to the application environment, the server responsible for delivering the web portion of the application (hereafter referred to as web server) detects this and invokes the appropriate authentication mechanism for this resource. For more information on these mechanisms, read Security Implementation Mechanisms.