How can I block access to the site if a user is not logged in?

Under web.xml > Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page.

Do I need a filter? If so, how can I get the login URL I specified?

And how should I call the validation method? I saw this code in some examples:

    <form method="post" action="j_security_check">
        <input type="text" name="j_username" />
        <input type="password" name="j_password" />
    </form>

What does it do?

+2  A: 

To prevent people who aren't logged in from viewing resources, you use security constraints. Something like this:

    <security-constraint>
        <display-name>Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>all-resources</web-resource-name>
            <description/>
            <url-pattern>/pages/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>User</role-name>
        </auth-constraint>
    </security-constraint>
Affe
It's working, thanks! If you know, can you edit the answer and give me an example of how I should call my user validation method, redirect and stuff...?
BrunoLM
What j_security_check actually does depends on what app server you're using. If you want to make your own, you'll want to read up on JAAS: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JAASRealm Note there are lots of web frameworks that have all of that ready to go for you, not a whole lot of non-academic reason to reimplement JAAS yourself.
Affe