Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
which authentication methods are http. I know that Basic authentication is http. client-cert is https. so it does not come as http. how about digest and form. are these j2ee authentication mechanisms?
there are not much more HTTP authentication methods besides HTTP basic and digest authentication. There are some rare forms like NTLM (LAN manager) and Kerberos authentication which are more or less Windows specific. Maybe a login via login form can be considered HTTP authentication, too. In my opinion authentication with SSL/TLS certificates is HTTP authentication as well just with an additional encryption layer.
I guess the term "HTTP authentication" is simply too blurry here. Some people use it as a synonym for HTTP BASIC authentication, others will mean one or more of the methods I wrote in my last post. I personally would consider them all HTTP authentication mechanisms because we're talking here about applications which are based on the HTTP/HTTPS protocol. Technically this isn't 100% correct because SSL/TLS for example communicates directly over TCP and is therefore one network layer below HTTP(S). In contrast in RFC 2617 only HTTP basic and digest authentication are discussed.
So in my opinion the "correct" answer surely depends on the context and people you're talking to! Sorry that I can't give you a perfect answer but I think there even is no strict definition of "HTTP authentication" in general.
If we're talking about exam question, well that's another thing. If the authors (think they) have a strict definition for such a vague term, you will have no chance but to learn the right answer - regardless whether it makes much sense or not. But I wouldn't worry too much about such subtle difference for "real" life ;-)