JBoss Community Archive (Read Only)

PicketBox

HTTP Authentication

Introduction

Before enabling HTTP security in your application, you need to define how users should supply their credentials. PicketBox is shipped with implementations for the most common HTTP Authentication Schemes:

  • HTTP FORM

  • HTTP BASIC

  • HTTP DIGEST

  • HTTP CLIENT_CERT

Authentication Schemes

The easiest way to configure one of the supported authentication schemes is define it in your web.xml a Servlet Context Init Parameter called org.picketbox.authentication. The examples bellow show you how to configure each one of the built-in authentication schemes:

HTTP Form Authentication Scheme
<context-param>
	<param-name>org.picketbox.authentication</param-name>
	<param-value>FORM</param-value>
</context-param>

HTTP BASIC Authentication Scheme
<context-param>
	<param-name>org.picketbox.authentication</param-name>
	<param-value>BASIC</param-value>
</context-param>

HTTP Digest Authentication Scheme
<context-param>
	<param-name>org.picketbox.authentication</param-name>
	<param-value>DIGEST</param-value>
</context-param>

HTTP CLIENT_CERT Authentication Scheme
<context-param>
	<param-name>org.picketbox.authentication</param-name>
	<param-value>CLIENT_CERT</param-value>
</context-param>
JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-11 12:16:15 UTC, last content change 2013-01-04 21:58:45 UTC.