NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-4

HTTP Digest Authentication

where, Realm_Name is the name of the Realm. For more information on Realms, see

Realms on page 8-7.

When a user attempts to access a web application that is configured for the HTTP

basic authentication, a logon page as shown in Figure 8-2 appears and the user is

prompted to enter the username and password.

HTTP Digest Authentication

Similar to the HTTP basic authentication method, the HTTP digest authentication

method authenticates a user based on a username and a password. However, the

authentication is performed by sending the password in an encrypted form that is more

secure than the simple base64 encoding used by the HTTP basic authentication.

You can configure a web application for digest authentication by setting the auth-

method element in the web.xml (located in the

<NSJSP_HOME>/webapps/<application_directory>/WEB-INF directory for a

web application deployed in the <application_directory>) file to DIGEST:

<login-config>

<auth-method>DIGEST</auth-method>

<realm-name>Realm_Name</realm-name>

</login-config>

Figure 8-2. Logon Page for HTTP Basic Authentication