what's a authorization header? How is it used. How is it differrent from using login custom coding.

Question

Just found that there is a request header authorization. Want to know what is the use of this header. How is it used in the context of jsp tomcat servlet enviornment. How is it different from a normal login module, where user enters username password in a simple jsp page. How a page passes authorization header.

Answer 1

This is part of HTTP Basic authentication. This is the most basic way of authentication. When you enter such a website, you will be provided a 90's-style login popup (which look like a Javascript alert) where you can enter the credentials. In case of a Java EE servletcontainer, you can manage the logins and roles by container managed security. This is described in Java EE tutorial as well, starting in the chapter Defining Security Requirements.

Needless to say that Form based authentication provides you more design freedom. You can just create a nice-looking HTML page with a <form> and let it submit to j_security_check. This is described in the same tutorial as well.