Creating a Custom Login Form

When you use the FORM authentication method, you must supply a login form to prompt the user for a username and password. The login form must contain form elements named j_username and j_password. The action in the <form> tag must be j_security_check. Listing 23.3 shows the HTML source for an example login form.

Listing 23.3 Source Code for LoginForm.html

```html
<html>
<body bgcolor="#ffffff">
<!-- POST keeps j_username and j_password out of the request URL -->
<form action="j_security_check" method="POST">
<center>
<table border="0">
<tr>
<td>Login</td>
<td><input type="text" name="j_username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="j_password"></td>
</tr>
</table>
<input type="submit" value="Login!">
</center>
</form>
</body>
</html>
```

Figure 23.2 shows the example login form after the user has tried to access a page that requires authentication.

Figure 23.2. You can supply your own custom login form.

You can also create an error page that is displayed when there is an error in performing the authentication. Listing 23.4 shows a simple error page.

Listing 23.4 Source Code for LoginError.html

```html
<html>
<body bgcolor="#ffffff">
<h1>Sorry</h1>
An error occurred during authorization.
<p>
</body>
</html>
```

Figure 23.3 shows the simple error page in action.

Figure 23.3. You can supply your own custom error page for handling authentication errors.

When you supply your own custom login form, you must supply the name of the login form and the name of the error form inside the <login-config> tag. The <form-login-page> tag specifies the location of the login page, whereas the <form-error-page> tag specifies the location of the error page. The <form-login-page> and <form-error-page> tags are contained within the <form-login-config> tag. Listing 23.5 shows an example web.xml file for authentication with a custom login form.
Listing 23.5 web.xml for loginform Application

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">

    <display-name>LoginForm</display-name>
    <description>An application that makes use of a user-defined login form
    </description>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Test</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- Listing methods limits this constraint to GET and POST;
                 omit http-method to cover every HTTP method -->
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <!-- The 2.4 schema expects auth-constraint before user-data-constraint -->
        <auth-constraint>
            <description>Let only managers use this app</description>
            <role-name>manager</role-name>
        </auth-constraint>

        <!-- NONE: the container does not require HTTPS, so the password from the
             login form can cross the network in cleartext; CONFIDENTIAL makes the
             container require a protected transport -->
        <user-data-constraint>
            <description>SSL not required</description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-role>
        <description>The role of manager is one that can use our application.
        </description>
        <role-name>manager</role-name>
    </security-role>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/LoginForm.html</form-login-page>
            <form-error-page>/LoginError.html</form-error-page>
        </form-login-config>
    </login-config>
</web-app>
```
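As an added example (not code from the book), the following Python audit checks a deployment against the rules this section states: the j_security_check action, the j_username and j_password fields, and both pages named in <form-login-config>. It also goes slightly beyond the text by reporting a non-POST login form, an <http-method> list, and a transport guarantee other than CONFIDENTIAL. The names FormScan and audit_form_login, the finding strings, and both sample inputs are this example's own.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
NS = {"j": "http://java.sun.com/xml/ns/j2ee"}  # web-app 2.4 namespace from Listing 23.5

class FormScan(HTMLParser):  # records method and inputs of the j_security_check form
    def __init__(self):
        super().__init__()
        self.inside, self.method, self.inputs = False, None, set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action") == "j_security_check":
            self.inside, self.method = True, (a.get("method") or "get").lower()
        elif tag == "input" and self.inside:
            self.inputs.add(a.get("name"))
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "form"

def audit_form_login(web_xml, login_html):
    """Return findings for a FORM-auth deployment; an empty list means none."""
    root = ET.fromstring(web_xml)
    cfg = root.find("j:login-config", NS)
    if cfg is None or cfg.findtext("j:auth-method", "", NS).strip() != "FORM":
        return ["auth-method is not FORM"]
    out = [f"missing <{t}>" for t in ("form-login-page", "form-error-page")
           if not cfg.findtext(f"j:form-login-config/j:{t}", "", NS).strip()]
    for sc in root.findall("j:security-constraint", NS):
        methods = [(m.text or "").strip() for m in sc.findall(".//j:http-method", NS)]
        if methods:  # listed methods narrow the constraint; other methods fall outside it
            out.append("constraint limited to " + ",".join(methods))
        if sc.findtext(".//j:transport-guarantee", "NONE", NS).strip() != "CONFIDENTIAL":
            out.append("transport-guarantee is not CONFIDENTIAL")
    scan = FormScan()
    scan.feed(login_html)
    if scan.method is None:
        return out + ["no form with action j_security_check"]
    if scan.method != "post":  # HTML forms default to GET, which puts fields in the URL
        out.append("login form method is not POST")
    return out + [f"login form lacks {n}" for n in ("j_username", "j_password")
                  if n not in scan.inputs]

# Constructed sample input: Listing 23.5 trimmed, and a login form with no method attribute.
SAMPLE_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
<security-constraint><web-resource-collection><url-pattern>/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method></web-resource-collection>
<user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
</security-constraint><login-config><auth-method>FORM</auth-method><form-login-config>
<form-login-page>/LoginForm.html</form-login-page>
<form-error-page>/LoginError.html</form-error-page></form-login-config></login-config></web-app>"""
SAMPLE_FORM = ('<form action="j_security_check"><input type="text" name="j_username">'
               '<input type="password" name="j_password"></form>')
```

Calling audit_form_login(SAMPLE_XML, SAMPLE_FORM) returns three findings for the constructed samples; a descriptor with no <http-method> list and a CONFIDENTIAL guarantee, paired with a POST form, returns an empty list.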