basic/digest authentication implementation in Java server code/web server

Question

We need to support basic authentication and later digest authentication in Java web project. My doubt is

• Whether basic/digest authentication is a configuration in web server (tomcat, jboss etc).Our users/password are in a SQL database and we get these through dataservices. In this case how I can configure the web server to use the dataservices to authenticate?
• Whether I need to handle explicitly in code for basic/digest authentication? Like I will receive authentication request from Servlet and will connect to dataservices for authentication?

Answer 1

Basic and Digest authentication are covered by the servlet specification. Read the spec or this tutorial to know how it works.

Where the credentials are stored and how they are checked is at the discretion of each container, though. Tomcat supports a variety of Realm implementations (file-based, JDBC based, LDAP-based, etc.) Don't know for JBoss.