Terminology
In this section, we list and explain the concepts and terminology required to understand how the new security API works, in preparation for moving on to the code of this new API.
Authentication mechanism
An authentication mechanism is the way a username and password are obtained from the user, to be processed later by the Java Security API.
Different authentication mechanisms may be used, including the following:
- HTTP Basic Authentication: The built-in browser authentication methodology, where the browser displays its own login dialog when the user requests access to a protected resource in our application
- Form-Based Authentication: The most popular way of authenticating users in web applications, where we use a custom-created HTML form to collect the claimed credentials from our user
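To make "obtaining a username and password" concrete for HTTP Basic Authentication, the following added example (not code from this book or from the Java Security API) shows what the server side receives after the browser dialog: an `Authorization: Basic ...` header that is only Base64-encoded, not encrypted, which is why this mechanism should be used over TLS. The class and method names are hypothetical, the sample header is constructed, and UTF-8 decoding is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicHeaderDemo {

    /** Caller name and password as claimed by the client; not yet validated. */
    static final class ClaimedCredentials {
        final String callerName;
        final char[] password;
        ClaimedCredentials(String callerName, char[] password) {
            this.callerName = callerName;
            this.password = password;
        }
    }

    /** Extracts credentials from an Authorization header value, or empty if unusable. */
    static Optional<ClaimedCredentials> parse(String authorizationHeader) {
        if (authorizationHeader == null) return Optional.empty();
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        // The scheme name is case-insensitive.
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException malformedBase64) {
            return Optional.empty();
        }
        // Assumption: the client encoded "user:password" as UTF-8.
        String userPass = new String(decoded, StandardCharsets.UTF_8);
        // Split on the first colon only: the password may itself contain colons.
        int colon = userPass.indexOf(':');
        // This example rejects a missing separator or an empty user name.
        if (colon <= 0) return Optional.empty();
        return Optional.of(new ClaimedCredentials(
                userPass.substring(0, colon),
                userPass.substring(colon + 1).toCharArray()));
    }

    public static void main(String[] args) {
        // Constructed sample header for user "alice" with password "s3:cret".
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3:cret".getBytes(StandardCharsets.UTF_8));
        ClaimedCredentials c = parse(header).orElseThrow(IllegalStateException::new);
        System.out.println(c.callerName + " / " + new String(c.password));
        System.out.println(parse("Bearer abc").isPresent());        // different scheme
        System.out.println(parse("Basic !!notbase64").isPresent()); // malformed Base64
    }
}
```

The parsed values are only claimed credentials; validating them against a user store is a separate step from the mechanism that collects them.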
Caller
The user that's making a request to our application. This caller is our candidate for authentication and authorization, before accessing our protected...