Specifying a Security Constraint
Specifying a Security Constraint
<html>
<head>
<title>Login Page</title>
</head>
<h2>Hello, please log in:</h2>
<br><br>
<form action="j_security_check" method=post>
<p><strong>Please Enter Your User Name: </strong>
<input type="text" name="j_username" size="25">
<p><p><strong>Please Enter Your Password: </strong>
<input type="password" size="15" name="j_password">
<p><p>
<input type=
"submit" value="Submit">
<input type=
"reset" value="Reset">
</form>
</html>
The login error page is displayed if the user enters a user name and password combination that
is not authorized to access the protected URI. For this example, the login error page can be
found at
tut-install/javaeetutorial5/examples/web/hello1_formauth/web/logonError.jsp. For
this example, the login error page explains the reason for receiving the error page and provides a
link that will allow the user to try again. Here is the code for this page:
<html>
<head>
<title>Login Error</title>
</head>
<body>
<c:url var=
"url" value="/index.jsp"/>
<h2>Invalid user name or password.</h2>
<p>Please enter a user name or password that is authorized to access this
application. For this application, this means a user that has been created in the
<code>file</code> realm and has been assigned to the <em>group</em> of
<code>user</code>.
Click here to <a href=
"${url}">Try Again</a></p>
</body>
</html>
Specifying a Security Constraint
This example takes a very simple JSP page-based web application and adds form-based security
to this application. The JSP page is exactly the same as the JSP page used in the example
described in
. All security for this example is declared in the
deployment descriptor for the application. A security constraint is defined in the deployment
descriptor that tells the server to send a login form to collect user data, verify that the user is
authorized to access the application, and, if so, display the JSP page to the user.
Examples: Securing Web Applications
The Java EE 5 Tutorial · September 2007
870
