<auth-method>

This tag specifies the authentication method for the application's security realm.

It takes four possible values:

• BASIC - BASIC authentication, login is via a browser-specific popup login window
• FORM - FORM based authentication, uses a login page specified with <form-login-page> and the user is sent to an error page specified with <form-error-page> on unsuccessful logins.
• DIGEST - MD5 DIGEST based authentication, login is via a browser-specific popup login window as with BASIC. This method requires the realm to be configured for MD5 in <server.xml> as well.
• CLIENT_CERT - Client-side SSL certificate based authentication. The certificate is passed to the server to authenticate.

More Information

• Problem with Digest security in Tomcat

See Also

• web.xml Reference Page - for a full example of a security constraint
• Security Realms - basic description of the elements required to implement authentication
• Metawerx Tomcat Realms Administrator - metawerx tool for JDBC-based authentication