Introduction

Because of the increase in digital commerce and a corresponding rise in the need to transfer and store sensitive data (such as credit card numbers and financial accounts), security is of paramount importance to Java web applications.

This chapter's recipes cover tasks that involve authentication, which is designed to answer the question "are you who you say you are?" Authentication usually involves an interaction between a client or user and server-side code for the purpose of checking a username and password (and sometimes a digital certificate, biometric data, or other evidence) against stored information, such as a user database.

The recipes describe how to set up Secure Sockets Layer (SSL), as well as use BASIC- and form-based authentication with Apache Tomcat. The later recipes describe how to use a powerful security framework called Java Authentication and Authorization Service (JAAS) with servlets and JSPs.