To secure your Rich UI application, you can use JEE form-based authentication (the most popular Web authentication method in use), for which you supply your own customized login page that contains a user ID and password. Users cannot access any part of the Rich UI application until they authenticate. The encoding scheme for the password is Base64 encoding, which can be easily decoded. To ensure password confidentiality, use SSL connections with form-based authentication. When you use form-based authentication, error handling, such as displaying specific error messages, is difficult to implement. If an authentication error occurs, an error page is returned with the status code of the response set to 401.
For sample login and error pages that you can use with form-based authentication, see "Sample login and error pages for JEE form-based authentication."
To secure the HTML file that EGL generates for a Rich UI application named RSSReader, specify a URL pattern of /RSSReader.html. If RSSReader.html is in a subdirectory of WebContent named Secured, specify a URL pattern of /Secured/RSSReader.html.
When you use form-based authentication to secure the HTML file, include the EGL Rich UI Proxy in the security constraint. To secure the EGL Rich UI Proxy, specify a URL pattern of /___proxy (three underscores). By specifying this pattern, you prevent unauthenticated users from accessing the proxy. After logging in, users will gain access to the EGL Rich UI Proxy as well as the HTML file.
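The following deployment descriptor fragment is an added example, not taken from the EGL documentation, that shows one security constraint covering both the generated HTML file and the EGL Rich UI Proxy, with SSL required. The role name RSSReaderUser and the page paths /login.html and /error.html are assumptions; substitute the names used in your project.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (children of <web-app>).
     Role name and login/error page paths are assumed, not from EGL. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>RSSReader Rich UI application</web-resource-name>
    <!-- Generated HTML file in the Secured subdirectory of WebContent -->
    <url-pattern>/Secured/RSSReader.html</url-pattern>
    <!-- EGL Rich UI Proxy: three underscores before "proxy" -->
    <url-pattern>/___proxy</url-pattern>
    <!-- No <http-method> elements, so the constraint applies to every
         HTTP method rather than only to the ones listed -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only authenticated users in this role reach either URL -->
    <role-name>RSSReaderUser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require SSL for the protected URLs so that credentials and
         session data are not sent in the clear -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Customized login page that collects the user ID and password -->
    <form-login-page>/login.html</form-login-page>
    <!-- Page returned when authentication fails -->
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>RSSReaderUser</role-name>
</security-role>
```

If the proxy URL pattern is left out of the constraint, the HTML file is protected but the proxy remains reachable without a login, so check that both patterns sit in the same web-resource-collection.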