Security is an important aspect of applications that transport sensitive data over the Internet. Because of this requirement, the servlet specification requires servlet containers to provide implementations of basic and digest authentication, as defined in the HTTP/1.1 specification. Additionally, servlet containers must provide form-based security that allows developers to control the look and feel of login screens. Finally, servlet containers may provide SSL and client certificate authentication, although containers that are not J2EE compliant are not required to do so.
Unlike other aspects of web applications implemented with JSP and the Java programming language, security typically requires some nonportable code. If portability is a high priority, you can implement security from scratch by using JSP and servlets, as illustrated in "Programmatic Authentication" on page 271.