servlet secure login
Hi, I am confused about setting up a login page using servlets...
Original design...
A simple HTML form which redirects to a servlet, which tests the user name and password
against a database and redirects accordingly... works fine.
However, upon further reading I discovered role-based authentication and
the built-in servlet security features. Here is the web.xml:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>servletSecurity</display-name>
  <description>login forms</description>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Test</web-resource-name>
      <url-pattern>/LoginForm.html</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/LoginForm.html</form-login-page>
      <form-error-page>/LoginErr.html</form-error-page>
    </form-login-config>
  </login-config>
  <servlet>
    <description></description>
    <display-name>logInCheck</display-name>
    <servlet-name>logInCheck</servlet-name>
    <servlet-class>logInCheck</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>ApageMaker</servlet-name>
    <url-pattern>/ApageMaker</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
    <welcome-file>LoginForm.html</welcome-file>
  </welcome-file-list>
</web-app>
Now, in the first version I had
Code:
<FORM ACTION="http://www.working_url.com/servlet/logIn" method="POST"..
which redirected the results (username and password) to a servlet which queries the database and then redirects...
BUT, when I use this method I use
Code:
<form action="j_security_check">
which I assume calls some inherited class to get processed? As it redirects
already to the loginErr.html page...
But how do I process my own username/password list?
And how do I redirect to the login processing servlet loginCheck.java?
Here's the HTML of the new login page that corresponds to the web.xml...
Code:
<form action="j_security_check">
  <h1 align="center"><br> Login </h1>
  <center>
    <table border="0">
      <tr>
        <td><h3>user name<br></h3></td>
        <td>
          <input type="text" name="j_username">
        </td>
      </tr>
      <tr>
        <td><h3>password</h3></td>
        <td>
          <input type="password" name="j_password">
        </td>
      </tr>
    </table>
    <input type="submit" value="Login!">
  </center>
</form>
Any help would be appreciated.
Thanks,
simo_mon
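
A web.xml arrangement for the container-managed FORM login the post asks about, as an added example that is not part of the original post: j_security_check is handled by the servlet container, which checks the credentials against its own configured user/role store (container-specific, not shown), so no application login servlet is involved. The protected path /ApageMaker, the servlet class name ApageMaker and the availability of an HTTPS connector are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the poster's file. Assumed names: the /ApageMaker
     servlet as the protected resource and its class name ApageMaker. -->
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>servletSecurity</display-name>

  <servlet>
    <servlet-name>ApageMaker</servlet-name>
    <servlet-class>ApageMaker</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>ApageMaker</servlet-name>
    <url-pattern>/ApageMaker</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Manager pages</web-resource-name>
      <!-- Constrain the protected resource, not the login form. -->
      <url-pattern>/ApageMaker</url-pattern>
      <!-- No <http-method> elements: the constraint then applies to every
           method, not only GET and POST. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS so the login exchange for this resource is not sent
           in clear text (assumes the container has an HTTPS connector). -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- The form on this page posts j_username and j_password to
           j_security_check (method="POST"). -->
      <form-login-page>/LoginForm.html</form-login-page>
      <form-error-page>/LoginErr.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>manager</role-name>
  </security-role>
</web-app>
```

After a successful login the container sends the browser back to the originally requested protected URL, where the servlet can read request.getRemoteUser() and request.isUserInRole("manager").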