A request to an authentication URL is a HTTPS POST request
POST /my/authentication/service HTTP/1.1 Host: auth.my.domain Content-Type: application/x-www-form-urlencoded user=<user>&passwd=<passwd>
An authentication must respond to an authentication request with an HTTP response with
Content-Type: text/plain; charset=utf-8
and on of the following status codes:
200 OK - successful authentication 401403 UnauthorizedForbidden - if nothe user and passwd fields are given in the POST data. 403 Forbidden - if the user name or the password is wrongname or the password is wrong or no user and passwd field ist given. 406 Not Acceptable - The status, which will be returned after to many unsuccessful authentications.
The body of the response *must* no contain more than 1024 bytes and should contain a short, information text message encoded in UTF-8. The text message will be logged by the gwt-http-login-service bundle and will not be displayed to the user.
The server may enforce the use of HTTP basic authentication in order to keep offending servers away from dictionary attacks.