tags:

views:

214

answers:

2
Q: 

Confusion in form based authentication in java

Could anyone please tell me, how can I handle the j_security_check servlet in Form based authentication in java?

Do I have to map the servlet class with j_security_check name in web-xml file like:

<servlet>
<servlet-name>Anyname</servlet-name>
<servlet-class>Anyclass</servlet-name>
</servlet>

<servlet-mapping>
<servlet-name>Anyname</servlet-name>
<url-pattern>/j_security_check</url-pattern>
</servlet-mapping>

If I enter the user name and pasword, and click on submit, then how will servlet with j_security_check name going to handle those info? How will that servlet going to verify those entered user name, and password, and get the resource, if authentication, and then authorization succeed, otherwise error page. How will j_security_check servlet will do that?

A: 

You do not need to map the j_security_check to anything. This is managed by the Application Server.
However you DO NEED to add usernames. roles and realm information.
Each application server has its own way of authenticating this information.

See this -
1) http://www.student.nada.kth.se/~d95-cro/j2eetutorial14/doc/Security5.html#wp303355 and
2) http://docs.sun.com/app/docs/doc/819-3669/bncby?a=view

Padmarag  2010-03-02 11:02:37
If there is no need of mapping, then what's the need of defining "j_security_check" in action field of HTML form?
Stardust  2010-03-02 11:10:58
@Stardust - There's no need of mapping because the servlet container is supplying it. You need to use j_security_check in the form in order to comply with the existing mapping.
Don Roby  2010-03-02 11:21:40
+2  A: 

The idea is that you write a JSP or Servlet that presents a form with the following fields and action:

<form action="j_security_check" method="post">
    <input type="text" name="j_username"/>
    <input type="password" name="j_password"/>
    <input type="submit"/>
</form>

When the form is submitted, the servlet container checks the credentials for you using the mechanism you've defined (e.g. JAAS). In your web.xml, you set the following:

<login-config>
    <form-login-check>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-check>
</login-config>

This allows the container to locate the JSP or Servlet containing your form, or your error handling code. If you haven't already, I'd recommend having a read of the Servlet Specification.

David Grant  2010-03-02 11:04:31

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java