HTTP basic authentication is an authentication method that requires only a user name and password to authenticate users who are transferring data over the HTTP protocol.
When you implement the HTTP basic authentication login module, the PBEKeyReaderModule reads the password from the keystore. If the credentials are not found in the inputs supplied by the caller, the login module invokes the callback handlers supplied by the caller to get the user name and password. The login module persists the passwords it retrieves from the callback handler in a shared list maintained by the calling account and updates the user name in the AuthProperties object in the subject. The HTTPBasicLoginModule validates the password and then the PBEKeyWriterModule writes the validated password to the keystore (if the password has not already been written to the keystore). If the password is new or has changed, it is written to the keystore only after the HTTPBasicLoginModule validates the password with the server.
To implement HTTP basic authentication, perform the following steps:
- Create an account or retrieve an existing account.
- Call account.setProperty() to set the value of each of the following properties:
  - SERVER – Complete URL for the server, containing the protocol (HTTP or HTTPS), domain, path, and optionally, the port.
  - USER_NAME – The HTTP user name.
  - CREDENTIAL_ID – Alias that references a password in the keystore. If the password does not already exist, it is created and this value is set as its alias. Accounts sharing the same password must have the same credential ID.
  - MASTER_PROPS (Optional) – The UID of another Account. Master properties are useful when two or more accounts are accessing services that use the same user directory and share more than just passwords. When account.getLoginContext() is called, the “master” account is used to authenticate instead of the account making the method call. The “slave” account can then access the “master” account’s authenticated credentials through the Subject and use them to communicate with the service. If this value is set, only the SERVER property needs to have a value; the login module retrieves values for the other properties from the Master account.
  Note: You do not need to set the value of the AUTH_TYPE property. "HTTP" is the default value.
- Log in using the specified account by calling account.getLoginContext().login().
Use the following method to extract the user name from the subject:
String username =
method returns the authenticated Subject which contains a user name and password.
For the HTTP basic login, the username and password are sent over the network (via the HTTP Header) in plaintext unless HTTPS is used.
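The following added example (not code from this documentation or from the login module) shows why the header offers no confidentiality on its own, and one way to check a SERVER value before logging in. The class and method names are hypothetical, the sample credentials and host are constructed, and it assumes Java 8 or later for java.util.Base64.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: hypothetical helper, not part of the login module API.
public class BasicAuthTransportCheck {
    /** Builds the value a Basic-auth client sends: "Basic " + base64(user:password). */
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Recovers "user:password" from the header; Base64 is an encoding, not encryption. */
    static String decodeBasicHeader(String headerValue) {
        if (!headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("not a Basic credential");
        }
        byte[] raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
        return new String(raw, StandardCharsets.UTF_8);
    }

    /** Pre-login guard for the SERVER value: accept only absolute https URLs. */
    static URI requireHttps(String server) {
        URI uri;
        try {
            uri = new URI(server);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("SERVER is not a valid URL: " + server, e);
        }
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("SERVER must be an absolute https:// URL");
        }
        if (uri.getUserInfo() != null) {
            // Credentials embedded in the URL end up in logs and history.
            throw new IllegalArgumentException("SERVER must not embed credentials");
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials or hosts.
        String header = basicHeader("alice", "s3cret");
        System.out.println("Authorization: " + header);
        System.out.println("Readable without any key: " + decodeBasicHeader(header));
        System.out.println("Accepted: " + requireHttps("https://server.example:8443/service"));
        try {
            requireHttps("http://server.example/service");
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```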