Authentication type in DD paragraph confusion
-
20-09-2019 - |
Question
Could anyone please tell me why the following paragraph is incorrect:
If your deployment descriptor correctly declares an authentication type of BASIC, the container automatically requests a user name and password whenever a user starts a new session.
Solution
Because container would only request (as in "send an authentication challenge to browser") user name / password when user attempts to access a protected resource (as defined in descriptor); not when user session is created.
Details are in JavaEE tutorial
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow