As the name suggests, credentials are taken from a form filled in by the user. In addition to the changes
made above, we have to add a login-config element to web.xml, outside the
security-constraint element and inside the web-app element. Note that
there should be only one login-config block.
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginfail.jsp</form-error-page>
    </form-login-config>
</login-config>
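An added example, not part of the original post: a small Python check for the placement rules described above (exactly one login-config, a direct child of web-app, with both FORM pages set). The function name check_login_config and the sample web.xml strings are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop an XML namespace prefix: '{ns}web-app' -> 'web-app'."""
    return tag.rsplit("}", 1)[-1]

def kids(elem, name):
    return [c for c in elem if local(c.tag) == name]

def check_login_config(web_xml_text):
    """Return a list of problems in a web.xml string; an empty list means OK."""
    try:
        root = ET.fromstring(web_xml_text)
    except ET.ParseError as exc:  # e.g. <login-config> typed where </login-config> belongs
        return [f"not well-formed XML: {exc}"]
    if local(root.tag) != "web-app":
        return ["root element is not <web-app>"]
    problems = []
    found = [e for e in root.iter() if local(e.tag) == "login-config"]
    if len(found) != 1:
        problems.append(f"expected exactly one <login-config>, found {len(found)}")
    if len(kids(root, "login-config")) != len(found):
        problems.append("<login-config> must be a direct child of <web-app>")
    for lc in found:
        if [(m.text or "").strip() for m in kids(lc, "auth-method")] != ["FORM"]:
            continue  # the page checks below apply to FORM only
        for page in ("form-login-page", "form-error-page"):
            vals = [(p.text or "").strip()
                    for f in kids(lc, "form-login-config") for p in kids(f, page)]
            if len(vals) != 1 or not vals[0].startswith("/"):
                problems.append(f"FORM auth needs one <{page}> starting with '/'")
    return problems

# Constructed sample inputs (not from the original post).
FORM_BLOCK = """<login-config><auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginfail.jsp</form-error-page>
  </form-login-config>
</login-config>"""
GOOD = f"<web-app><security-constraint/>{FORM_BLOCK}</web-app>"
NESTED = f"<web-app><security-constraint>{FORM_BLOCK}</security-constraint></web-app>"
DOUBLE = f"<web-app>{FORM_BLOCK}{FORM_BLOCK}</web-app>"
UNCLOSED = "<web-app>" + FORM_BLOCK.replace("</login-config>", "<login-config>") + "</web-app>"

if __name__ == "__main__":
    for name in ("GOOD", "NESTED", "DOUBLE", "UNCLOSED"):
        print(name, check_login_config(globals()[name]))
```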
We have to create the following JSP files: login.jsp,
loginfail.jsp and logout.jsp. We should
add a login form in the body of login.jsp.
<form method="post" action="j_security_check">
    <input type="text" name="j_username" /><br/>
    <input type="password" name="j_password" /><br/>
    <input type="submit" value="Login" />
</form>
If the login fails, the code in loginfail.jsp is executed.
<%
    String redirectURL = "/Form-Base-Auth-war/FormServlet";
    response.sendRedirect(redirectURL);
%>
This code is written between JSP scriptlet tags. In case of failure, the
user is redirected to the login page.
In the servlet we have given a link to logout.jsp.
out.println("<br/><a href='logout.jsp'>logout</a>");
The following is the body of logout.jsp.
<body>
    <%
        session.invalidate();
    %>
    <h1>Log Out successfully</h1>
    <a href="/Form-Base-Auth-war/FormServlet">home</a>
</body>
Everything else remains unchanged from Basic authentication: we have to add the security domain to jboss-web.xml, create two properties files, and add security constraints, as in basic authentication. If you missed it, see Basic authentication in JBOSS.
Unlike basic authentication, the session is successfully invalidated in form-based
authentication. This works in any browser.