Creating the Login Form
Creating the Login Form
6. Map the role name defined for this resource (loginUser) to a group of users defined on the
Application Server. For more information on how to do this, read
7. Build, package, deploy, and run the web application by following the steps in
or
8. Test the web client, following the steps in
Creating a Web Client for Form-Based Authentication
The web client in this example is a standard JSP page, and annotations are not used in JSP pages
because JSP pages are compiled as they are presented to the browser. Therefore, none of the
code that adds form-based authentication to the example is included in the web client. The code
for the JSP page used in this example, hello1_formauth/web/index.jsp, is exactly the same as
the code used for the unsecured JSP page from the example application at
tut-install/javaeetutorial5/examples/web/hello1/web/index.jsp.
The information that adds form-based authentication to this example is specified in the
deployment descriptor. This information is discussed in
Creating the Login Form and the Error Page
When using form-based login mechanisms, you must specify a page that contains the form you
want to use to obtain the user name and password, as well as which page to display if login
authentication fails. This section discusses the login form and the error page used in this
example. The section
shows how you specify
these pages in the deployment descriptor.
The login page can be an HTML page, a JSP page, or a servlet, and it must return an HTML page
containing a form that conforms to specific naming conventions (see the Java Servlet 2.5
specification for more information on these requirements). To do this, include the elements
that accept user name and password information between <form></form> tags in your login
page. The content of an HTML page, JSP page, or servlet for a login page should be coded as
follows:
<form method=post action=
"j_security_check" >
<input type=
"text"
name=
"j_username" >
<input type=
"password"
name=
"j_password" >
</form>
The full code for the login page used in this example can be found at
tut-install/javaeetutorial5/examples/web/hello1_formauth/web/logon.jsp. An example
of the running login form page is shown later in
. Here is the code for this page:
Examples: Securing Web Applications
Chapter 30 · Securing Web Applications
869