I am a newbie to this forum and J2EE.
I was going through the J2EE security mechanisms like BASIC, DIGEST, CLIENT-CERT and FORM.
I understood that in case of basic and digest the container looks at the Authorization header to determine if the user is authenticated or not.
But I am not clear as to what exactly happens when we use FORM based authentication. Login form will post the form to j_security_check that the container supports. here container will authenticate the user. I am aware that it will somehow 'populated' the subject and principals.
but on a subsequent request from browser, what exactly does the container looks at to determine if the user was already authenticated or not (like in case of BASIC and DIGEST it is the authorization header)