Form based authentication in java

Question

I want to know how can I enable form based authentication in java through database. After connecting to database, how can I verify whether the username and password, which I'm entering through html page is correct or not?

Do I have to change action servlets from j_security_check to another my own defined servlets, which will connect to database and do all its verification on its own? Or I've to send authentication information to j_security_check, which will automatically connect to database, verify username and password.

I'm successful in connecting to database through context.xml file, which is in META-INF directory of my own web application, but I'm not able to understand what's more I've to do enable form based authentication.

I'm using Tomcat 6 as web server.

Answer 1

Personally I use a DataSourceRealm in the context.xml of the webapp:

  <Realm className="org.apache.catalina.realm.DataSourceRealm"
        dataSourceName="jdbc/lagalerie" debug="99" localDataSource="true"
        roleNameCol="role" userCredCol="password" userNameCol="username"
        userRoleTable="rolemap" userTable="users" digest="md5"
        digestEncoding="UTF-8"/>

And I define the datasource in the server.xml of tomcat (to allow the use of the same war in different environments):

<Resource auth="Container" type="javax.sql.DataSource" name="jdbc/lagalerie"
          driverClassName="org.postgresql.Driver"
          url="jdbc:postgresql://localhost/lagalerie?charSet=LATIN1"
          maxActive="100" maxIdle="30" maxWait="10000"
          username="casashop" password="casashop"/>

the table rolemap is actually a view because the database model is different from the one that tomcat is expecting.