
Using Form-Based Authentication


Example: Using Form-Based Authentication with a JSP Page
This example discusses how to use form-based authentication with a basic JSP page. With
form-based authentication, you can customize the login screen and error pages that are
presented to the web client for authentication of their user name and password. When a user
submits their name and password, the server determines if the user name and password are
those of an authorized user and, if authorized, sends the requested web resource. If the topic of
authentication is new to you, please refer to the section "Specifying an Authentication
Mechanism" on page 858.
In general, the following steps are necessary for adding form-based authentication to an
unsecured JSP page, such as the one described in "Web Modules" on page 81. In the example
application included with this tutorial, many of these steps have been completed for you and are
listed here simply to show what needs to be done should you wish to create a similar
application. The completed version of this example application can be found in the directory
tut-install/javaeetutorial5/examples/web/hello1_formauth/.
The following steps describe how to set up your system for running the example applications,
describe the sample application, and provide the steps for compiling, packaging, deploying, and
testing the example application.
1. If you have not already done so, set up your system so that the Ant tool and/or NetBeans
   IDE will run properly. To do this, follow the instructions in "Building the Examples" on
   page 70. This step is necessary to set the properties that are specific to your installation of the
   Application Server and Java EE 5 Tutorial.
2. If you have not already done so, add an authorized user to the Application Server. For this
   example, add users to the file realm of the Application Server and assign the user to the
   group user. This topic is discussed more in "Adding Authorized Roles and Users" on
   page 872.
3. Create a web module as described in "Web Modules" on page 81. The subsequent steps
   discuss adding security to this basic application. The resulting application is found in the
   directory tut-install/javaeetutorial5/examples/web/hello1_formauth/.
4. Create the login form and login error form pages. Files for the example application can be
   viewed at tut-install/javaeetutorial5/examples/web/hello1_formauth/web. These
   pages are discussed in "Creating the Login Form and the Error Page" on page 869.
5. Create a web.xml deployment descriptor and add the appropriate security elements. (The
   application on which this section is based did not originally require a deployment
   descriptor.) The deployment descriptor for the example application can be viewed at
   tut-install/javaeetutorial5/examples/hello1_formauth/web/WEB-INF. The security
   elements for the web.xml deployment descriptor are described in "Specifying a Security
   Constraint" on page 870.
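As an added illustration of the security elements that steps 4 and 5 call for (this is not the tutorial's own descriptor), a web.xml for form-based authentication can be laid out as follows. The role name loginUser, the page names /logon.jsp and /logonError.jsp, and the resource name protected-pages are assumptions made for this example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <security-constraint>
    <web-resource-collection>
      <!-- Assumed name; any label is allowed here. -->
      <web-resource-name>protected-pages</web-resource-name>
      <!-- No http-method elements: the constraint then covers every HTTP
           method. Listing only GET and POST would leave the others open. -->
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role name. Mapping it to the file-realm group "user" from
           step 2 is done in the server-specific descriptor, not here. -->
      <role-name>loginUser</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- The login form posts the password in the request body, so
           require a protected transport (HTTPS) for the whole module. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
      <!-- Assumed page names for the login form and error page of step 4. -->
      <form-login-page>/logon.jsp</form-login-page>
      <form-error-page>/logonError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role used in an auth-constraint must be declared. -->
  <security-role>
    <role-name>loginUser</role-name>
  </security-role>
</web-app>
```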
Examples: Securing Web Applications
The Java EE 5 Tutorial · September 2007
868