Description: Implementing security for Web applications is a mandatory task for architects and Web application developers. In J2EE, the Web containers have support for built-in security mechanisms for their applications. There are two major components of Web application security: authentication and authorization. J2EE-based Web containers offer three types of authentication mechanisms: basic, form-based, and mutual authentication. Most Web applications use the form-based authentication mechanism, since it allows applications to customize the authentication user interface.