Configure Form-based Auth in web.xml

Posted on November 4, 2012. Filed under: java/j2EE


In the previous post, "enable realm in server.xml <Realm>", we configured Basic Auth for the web application test-app. Here we will make a few small changes and use Form-based Auth instead.

(For details, see the Oracle documentation: http://docs.oracle.com/javaee/5/tutorial/doc/bncbx.html)

We need to create logon.jsp and logonError.jsp under the WebContent folder.

— logon.jsp —

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login Page</title>
</head>
<body>
<h2>Test App Login:</h2>
<br><br>
<%-- The container itself handles j_security_check; the field names
     j_username and j_password are fixed by the Servlet specification. --%>
<form action="j_security_check" method="post">
<p>User Name:
<input type="text" name="j_username"></p>
<p>Password:
<input type="password" name="j_password"></p>
<p>
<input type="submit" value="Submit">
<input type="reset" value="Reset">
</p>
</form>
</body>
</html>

— logonError.jsp —

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Login Error</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body>
<h2>Invalid user name or password.</h2>
<%-- Link back to the protected resource so the container shows the login form again. --%>
<p>Click here to <a href="/test-app/hello">Try Again</a></p>
</body>
</html>

— web.xml —

<web-app version="3.0"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test-app</web-resource-name>
      <url-pattern>/hello</url-pattern>
    </web-resource-collection>
    <!-- Only users in role appadmin may access /hello -->
    <auth-constraint>
      <role-name>appadmin</role-name>
    </auth-constraint>
    <!-- CONFIDENTIAL makes the container require HTTPS for this resource -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/logon.jsp</form-login-page>
      <form-error-page>/logonError.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>

— tomcat-users.xml —

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="appadmin"/>
  <user username="testapp" password="test" roles="appadmin"/>
</tomcat-users>

— server.xml —

Notice that SSL and MemoryRealm are enabled in server.xml.

<!-- Define SSL Connector on port 8443 -->
<Connector port="8443" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true" acceptCount="100" enableLookups="false"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="/Users/homenetwork/.keystore" keystorePass="password"/>

<Realm className="org.apache.catalina.realm.MemoryRealm" />

With the above setup, you should be able to open a browser and visit the URL https://localhost:8443/test-app/hello

You will be able to log in and view the following text only when you enter testapp/test as the user name/password:

Hello World Secure J2EE/Java Lab

If you see the following error message:

The method getJspApplicationContext(ServletContext) is undefined for the type JspFactory

remove any servlet-container-specific libraries, such as jsp-api.jar, from your /WEB-INF/lib folder.
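A small check for the web.xml shown earlier, as an added example that is not part of the original post: it flags a protected constraint that lacks the CONFIDENTIAL transport guarantee (the login form posts j_password in the request body), a constraint narrowed by http-method, and a missing login or error page. The names audit_web_xml and WEAK_WEB_XML and the weakened sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}  # namespace of the page's web.xml

# Constructed sample: the page's web.xml with the transport guarantee and the
# error page removed and an <http-method> added, to show what the check reports.
WEAK_WEB_XML = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>test-app</web-resource-name>
      <url-pattern>/hello</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>appadmin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/logon.jsp</form-login-page>
    </form-login-config>
  </login-config>
</web-app>"""

def audit_web_xml(xml_text):
    """Return a list of findings for a FORM-auth deployment descriptor."""
    root = ET.fromstring(xml_text)
    findings = []
    for sc in root.findall("j:security-constraint", NS):
        patterns = [p.text.strip() for p in sc.findall(".//j:url-pattern", NS)]
        if sc.find("j:auth-constraint", NS) is None:
            continue  # this constraint does not require a login
        tg = sc.findtext("j:user-data-constraint/j:transport-guarantee", "", NS).strip()
        if tg != "CONFIDENTIAL":
            findings.append(f"{patterns}: j_password can travel over plain HTTP")
        methods = [m.text.strip() for m in sc.findall(".//j:http-method", NS)]
        if methods:
            findings.append(f"{patterns}: constraint covers only {methods}")
    if root.findtext("j:login-config/j:auth-method", "", NS).strip() != "FORM":
        findings.append("auth-method is not FORM")
    for tag in ("form-login-page", "form-error-page"):
        page = root.findtext(f"j:login-config/j:form-login-config/j:{tag}", "", NS).strip()
        if not page.startswith("/"):
            findings.append(f"{tag} missing or not context-relative")
    return findings
```

Run against the web.xml from this post, the function returns an empty list.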
