<auth-method>
This tag specifies the authentication method for the application's security realm.
It takes four possible values:
- BASIC - BASIC authentication, login is via a browser-specific popup login window
- FORM - FORM based authentication, uses a login page specified with <form-login-page> and the user is sent to an error page specified with <form-error-page> on unsuccessful logins.
- DIGEST - MD5 DIGEST based authentication, login is via a browser-specific popup login window as with BASIC. This method requires the realm to be configured for MD5 in <server.xml> as well.
- CLIENT_CERT - Client-side SSL certificate based authentication. The certificate is passed to the server to authenticate.
See Also