<tomcat-users>
<user username="JohnSmith" password="johnPassword" roles="student"/>
</tomcat-users>
Application basic authentication means:
1. On the server side, programmatically verify the message context's http request header to see if the user name and password are valid.
2. On the client side, programmatically use BindingProvider.USERNAME_PROPERTY and BindingProvider.PASSWORD_PROPERTY to set the credentials in the http request header.
Why option 2 says application and container authentication are not the same and application authentication is not the same as Basic authentication?
Both application and container authentication deals with basic authentication.