In the previous post, I explained ‘Setting role based security in tomcat‘. In this post, I am going to explain how to configure form based authentication.
This post is a continuation of the previous one; for a better understanding, I recommend reading the previous article first.
Step 1: First we need to create two pages, login.jsp and login-error.jsp. Whenever a user tries to access a secured resource, we forward the request to the login page. If the user's credentials are wrong, login-error.jsp is displayed. If the user provides correct credentials, he gets access to the secured resource.
Create a login folder and add the login.jsp and login-error.jsp files to it.
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <title>login</title>
</head>
<body>
  <h1>Please login</h1>
  <p>The page you have selected requires that you login to proceed.</p>
  <form action="j_security_check" method="post" name="loginForm">
    User name: <input id="user" type="text" name="j_username" size="20">
    Password: <input id="password" type="password" name="j_password" size="20">
    <input type="submit" value="Login">
  </form>
</body>
</html>
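Make sure the form action is ‘j_security_check’, the user name field is named ‘j_username’ and the password field is named ‘j_password’. These names are fixed by the Servlet specification; the container uses them to recognise the login submission.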
login-error.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <title>Insert title here</title>
</head>
<body>
  <h1>Credentials are wrong</h1>
</body>
</html>
Step 2: Now update web.xml by specifying the form based authentication details.
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login/login.jsp</form-login-page>
    <form-error-page>/login/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
The remaining configuration is the same (remove the BASIC authentication scheme that we used in the previous post).
Following is the complete web.xml file.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
  <display-name>secure_app</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>management pages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login/login.jsp</form-login-page>
      <form-error-page>/login/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
Run the application on the server and try to access a secure resource; it redirects you to the login page.
If you provide wrong credentials, it redirects you to the login-error page.
If you provide correct credentials, it redirects you to the secured resource that you were trying to access.
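A deployment-descriptor check for the configuration above, as an added example that is not part of the original post: it parses the security elements of this web.xml and reports settings that weaken form login. The function name audit_form_login and the finding texts are assumptions made for this example; the XML is the page's own file trimmed to its security elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web.xml shown above, trimmed to its security elements.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login/login.jsp</form-login-page>
      <form-error-page>/login/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def _find(node, name):
    """All descendants with this local name, ignoring the XML namespace."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(node, name):
    return [(e.text or "").strip() for e in _find(node, name)]

def audit_form_login(xml_text):
    """Return a list of findings for a FORM-authenticated web.xml (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    if _texts(root, "auth-method") != ["FORM"]:
        findings.append("login-config: auth-method is not FORM")
    for page in ("form-login-page", "form-error-page"):
        if not any(t.startswith("/") for t in _texts(root, page)):
            findings.append(f"login-config: {page} missing or not context-relative")
    for sc in _find(root, "security-constraint"):
        if not _find(sc, "auth-constraint"):
            continue  # this constraint does not require a login
        where = ", ".join(_texts(sc, "url-pattern"))
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.append(f"{where}: no CONFIDENTIAL transport-guarantee (login can use plain HTTP)")
        methods = _texts(sc, "http-method")
        if methods:  # listing methods leaves every other method unprotected
            findings.append(f"{where}: only {'/'.join(methods)} protected, "
                            "other HTTP methods bypass the constraint")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_form_login(WEB_XML)))
```

On the web.xml from this post the only finding is the missing transport guarantee; adding a user-data-constraint element with transport-guarantee CONFIDENTIAL inside the security-constraint clears it.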
Following is the complete project structure in Eclipse.