Authentication is basically an identification step: the server establishes who the caller is before deciding what the caller may do.
Terminology used in J2EE security:
Principal: An entity that may be authenticated and identified.
Principal name: The identity of a principal, such as a user id and password.
Credential: Information, such as a certificate or password, that may be used to authenticate a principal.
Subject: A set of rules and their credentials associated with a thread of execution.
Authentication: The steps by which a server verifies the identity presented by a user, either through a certificate or through a username/user id and password. For example, the username and password supplied by the user may be checked against a database server or an LDAP server to verify that the user is who they claim to be.
Authentication methods:
Basic/Digest authentication: The browser encodes the user id and password using Base-64 encoding. Digest is the same as Basic but shields the password through encryption. This is a simple challenge-response scheme in which the client is challenged for a user id and password. The Internet is broken into realms.
Form-based authentication: Most Web applications use form-based authentication because it allows an application to customize the authentication interface. It uses Base-64 encoding, which may expose the username and password unless all connections are over SSL.
Certificate-based authentication: Uses SSL and PKI. This is by far the most secure authentication method. The user must present an X.509 certificate to be verified by the server.
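The two points above about Basic and form-based authentication, that Base-64 is reversible encoding and that credentials are only safe over SSL/TLS, as an added example that is not part of the original page. It builds and decodes a Basic `Authorization` header, then shows a server-side check that refuses cleartext connections, keeps only a salted PBKDF2 hash of each password, and compares in constant time. The user names, passwords and the `over_tls` flag are constructed sample values.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

def build_basic_header(username: str, password: str) -> str:
    """Encode credentials exactly as a browser does for Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def decode_basic_header(header: str) -> Optional[Tuple[str, str]]:
    """Recover user id and password from a Basic header.
    Base-64 is an encoding, not encryption: anyone who observes the
    header on an unencrypted connection recovers the password this way."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, pwd = decoded.partition(":")  # password itself may contain ':'
    if not sep:
        return None
    return user, pwd

def make_record(password: str, iterations: int = 100_000) -> dict:
    """Server-side storage: never keep the password, only a salted PBKDF2 hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify_basic(header: str, users: dict, over_tls: bool) -> bool:
    """Accept only if the request arrived over TLS and the credentials match."""
    if not over_tls:
        return False  # refuse to even evaluate credentials sent in the clear
    creds = decode_basic_header(header)
    if creds is None:
        return False
    user, pwd = creds
    record = users.get(user)
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", pwd.encode("utf-8"), record["salt"], record["iterations"])
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(candidate, record["hash"])
```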