What is Container-Based Authentication?

I know the "XMLHttpRequest" object supports a method "open" which has an optional parameter of a username and password. I just found out that these 开发者_JS百科parameters can be supplier for requests requiring container-based authentication.

This is the method signature:

open(method, url, async, username, password)

Can someone help me out with the meaning of Container-Based Authentication?

Container-Based means that the container of the web application (e.g. tomcat, jboss, etc.) performs the authentication, and makes the results of the authentication known to your web application.

As a consequence, your web application doesn't need to implement NTLM, HTTP Basic, or any authentication code, because the container already does all that.