Use JEE basic authentication to secure the EGL Rich UI Proxy. Require users to authenticate to the proxy before it can be used to process Web service calls. If you require users to authenticate, you prevent unauthenticated clients from accessing the proxy for illegal purposes.
To secure the EGL Rich UI Proxy, in a security constraint in your web.xml, specify a URL pattern of /___proxy (three underscores).
When you use JEE basic authentication, the Web server relies on a browser-provided dialog to collect a user id and password. This dialog looks like the following dialog for Mozilla® Firefox® V2.0:
If you use this login dialog, you cannot customize the dialog to look like the rest of your Rich UI application. The dialog is redisplayed until a valid user id and password are entered. The HTTP standard requires that when login fails, the server returns a response code of 401. This response code is presented to the user on an error page with a generic error message.
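A web.xml fragment for the security constraint described above, as an added example that is not taken from the product documentation. The role name RUIProxyUser and the realm name are hypothetical, and the user-data-constraint assumes that the proxy is served over HTTPS, because basic authentication sends the user id and password only base64-encoded, not encrypted.

```xml
<!-- Added example: protect the EGL Rich UI Proxy with JEE basic authentication. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>EGL Rich UI Proxy</web-resource-name>
    <!-- Three underscores, as required for the proxy URL pattern. -->
    <url-pattern>/___proxy</url-pattern>
    <!-- No http-method elements: the constraint then applies to every
         HTTP method. Listing only some methods would leave the others
         unprotected. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Hypothetical role; map it to users or groups in your server. -->
    <role-name>RUIProxyUser</role-name>
  </auth-constraint>
  <!-- Assumption: HTTPS is available. Forces TLS so that the
       base64-encoded credentials are not sent in the clear. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <!-- BASIC makes the browser show its own login dialog and the server
       answer failed logins with HTTP 401. -->
  <auth-method>BASIC</auth-method>
  <!-- Hypothetical realm name shown in the browser dialog. -->
  <realm-name>EGL Rich UI Proxy</realm-name>
</login-config>

<security-role>
  <role-name>RUIProxyUser</role-name>
</security-role>
```

After deployment, an unauthenticated request to /___proxy should return 401 with a WWW-Authenticate: Basic header rather than processing the Web service call.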
If you use JEE security to protect both the HTML file and EGL Rich UI Proxy, use form-based authentication. When a user requests the HTML file, the login page that is specified for form-based authentication is displayed. After users authenticate, they can also access the proxy, bypassing the browser-provided dialog.
If you want to protect sensitive parts of your application without securing the entire Rich UI application, you can use custom security. You can combine authentication for custom security with JEE authentication of the EGL Rich UI Proxy in a process called EGL single sign-on. In EGL single sign-on, you use a user-defined login screen to capture credentials that allow the end user to authenticate to more than one resource, including the EGL Rich UI Proxy. To prevent the user from seeing the browser-provided dialog, use EGL single sign-on.