BASIC and FORM-based Authorization in Your Web Application, Page 2
FORM-based authorization method
For this method, we will only need to:
- Modify \webapps\webdemo\WEB-INF\web.xml
- Create a login JSP page, on which the user will get an HTML form to enter his login and password
- Create a JSP error page that the user will get if an error happens during authorization
So, let's start from the very beginning. If you tried the BASIC authorization method first, you only need to change the login-config section to the one listed below. Otherwise, you need to type in the security-constraint section from the BASIC method (it's exactly the same), but use the following login-config:
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Web Demo</realm-name>
  <form-login-config>
    <form-login-page>/admin/login.jsp</form-login-page>
    <form-error-page>/admin/error.jsp</form-error-page>
  </form-login-config>
</login-config>
We set auth-method to FORM and defined the form-login-config section; this will force Tomcat to use the \admin\login.jsp page as the page with the HTML form for the user to sign in, and to use \admin\error.jsp if the login fails.
You can have any login and error screen you like; the only requirement is that the HTML <form> should be the following (to be more exact, it should have the fields defined as such):
...
<form method="POST" action="j_security_check">
  <input type="text" name="j_username">
  <!-- type="password" keeps the typed password masked on screen -->
  <input type="password" name="j_password">
  <input type="submit" value="Log in">
</form>
...
The layout, styles, and everything else can be anything you like. The error page can also be anything you want; you only need to inform the user that something is wrong with the authentication.
That is all. You need to stop and re-start Tomcat to make these changes work.
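A pre-deployment check for the two pieces configured above, written in Python as an added example (it is not code from the original article or from Tomcat). The names check_web_xml, check_login_page and FormScan are hypothetical, and the sample inputs are constructed.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Constructed samples; j_password is typed "text" on purpose to trigger a finding.
WEB_XML = """<web-app><login-config><auth-method>FORM</auth-method><form-login-config>
  <form-login-page>/admin/login.jsp</form-login-page>
  <form-error-page>/admin/error.jsp</form-error-page>
</form-login-config></login-config></web-app>"""
LOGIN_PAGE = """<form method="POST" action="j_security_check">
<input type="text" name="j_username"><input type="text" name="j_password">
<input type="submit" value="Log in"></form>"""

class FormScan(HTMLParser):
    """Records the j_security_check form's attributes and its named inputs."""
    form, inside = None, False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and (a.get("action") or "").endswith("j_security_check"):
            self.form, self.inputs, self.inside = a, {}, True
        elif tag == "input" and self.inside and a.get("name"):
            self.inputs[a["name"]] = (a.get("type") or "text").lower()
    def handle_endtag(self, tag):
        if tag == "form":
            self.inside = False

def check_web_xml(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():  # strip any XML namespace so plain paths match
        el.tag = el.tag.rsplit("}", 1)[-1]
    get = lambda p: (root.findtext("login-config/" + p) or "").strip()
    problems = [] if get("auth-method") == "FORM" else ["auth-method is not FORM"]
    for name in ("form-login-page", "form-error-page"):
        if not get("form-login-config/" + name).startswith("/"):
            problems.append(name + " missing or not starting with /")
    return problems

def check_login_page(html_text):
    scan = FormScan()
    scan.feed(html_text)
    if scan.form is None:
        return ["no form posting to j_security_check"]
    problems = []
    if (scan.form.get("method") or "get").lower() != "post":
        problems.append("form method is not POST")
    for field in ("j_username", "j_password"):
        if field not in scan.inputs:
            problems.append(field + " field missing")
    if scan.inputs.get("j_password", "password") != "password":
        problems.append("j_password is not type=password")
    return problems
```

Both functions return a list of findings, so an empty list means the file passed; feed them the text of web.xml and of the login page's HTML.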
© Olexiy Prokhorenko, http://www.7dots.com/resume/
Co-author: Alexander Prohorenko