HTTP digest authentication

To avoid sending login credentials in clear text, as HTTP basic authentication does, HTTP digest authentication sends a cryptographic hash of the credentials instead. The client sends a one-way cryptographic hash of the username, password, and a few other security-related fields, computed with the MD5 message-digest hash algorithm. When the server receives the request, it regenerates the hash from the same fields the client used and compares it with the one present in the request. If the hashes match, the request is treated as authenticated and valid. For the steps to configure the digest authentication realm in the GlassFish server, refer to Chapter 2, Administering User Security, in the GlassFish Security Guide.
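The hash computation and server-side comparison described above, written out per RFC 2617 with qop=auth, as an added example (not code from the book or from Jersey). The class and method names are illustrative, and the inputs are the values from the worked example in RFC 2617, section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestResponseCheck {

    // Lowercase hex MD5 of a string (ISO-8859-1 encoding assumed).
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // response = MD5(HA1:nonce:nc:cnonce:qop:HA2), with
    // HA1 = MD5(user:realm:password) and HA2 = MD5(method:uri).
    static String response(String user, String realm, String password,
            String method, String uri, String nonce, String nc,
            String cnonce) throws NoSuchAlgorithmException {
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce
                + ":auth:" + ha2);
    }

    // Server side: compare the received value with the recomputed one
    // in constant time, so timing does not reveal how much matched.
    static boolean verify(String received, String expected) {
        return MessageDigest.isEqual(
                received.getBytes(StandardCharsets.US_ASCII),
                expected.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        // Value the client sends in the RFC 2617 example request
        String fromClient = "6629fae49393a05397450978507c4ef1";
        String expected = response("Mufasa", "testrealm@host.com",
                "Circle Of Life", "GET", "/dir/index.html",
                nonce, "00000001", "0a4f113b");
        System.out.println("same request verifies: " + verify(fromClient, expected));
        // The URI is part of the hash, so the value is bound to one resource
        String otherUri = response("Mufasa", "testrealm@host.com",
                "Circle Of Life", "GET", "/dir/other.html",
                nonce, "00000001", "0a4f113b");
        System.out.println("other URI verifies: " + verify(fromClient, otherUri));
    }
}
```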

If the client application uses the Jersey framework implementation, then the API to invoke the RESTful web services secured via the HTTP digest authentication looks like the following code snippet:

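//Rest of the imports are removed for brevity
//The property keys are static constants of HttpAuthenticationFeature
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
import static org.glassfish.jersey.client.authentication.HttpAuthenticationFeature.HTTP_AUTHENTICATION_DIGEST_USERNAME;
import static org.glassfish.jersey.client.authentication.HttpAuthenticationFeature.HTTP_AUTHENTICATION_DIGEST_PASSWORD;

//Client code goes here
final String RESOURCE_URI =
    "http://localhost:8080/hrapp/departments";
Client client = javax.ws.rs.client.ClientBuilder.newClient();
//Register the digest feature; without it the properties below are ignored
client.register(HttpAuthenticationFeature.digest());
//Provide the username and password, and invoke method
Response response = client.target(RESOURCE_URI).request()
  .property(HTTP_AUTHENTICATION_DIGEST_USERNAME, "<Username>")
  .property(HTTP_AUTHENTICATION_DIGEST_PASSWORD, "<Password>")
  .get();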