Java Reference
In-Depth Information
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login</title>
</head>
<body>
<p>Please enter your username and password to access the
application</p>
<form method="POST" action="j_security_check">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="right">Username: </td>
<td>
<input type="text" name="j_username">
</td>
</tr>
<tr>
<td align="right">Password: </td>
<td>
<input type="password" name="j_password">
</td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
Every login page created for form based authentication must contain an HTML
form
with a method of
POST
and an action of
j_security_check
. Every Java EE compliant
application server will have a security servlet already deployed on installation. This
servlet is mapped to the
j_security_check
URL, as such, its
doPost()
method is
executed when the form is submitted.
Each form-based authentication login page must also have two additional fields: a
text field named
j_username
, and a password field named
j_password
. The security
servlet will then check that these values match those in the security realm when
the form is submitted. Needless to say, the form needs a submit button so that user
entered credentials can be sent to the servlet.
We need a way to display an authentication error if the user enters
incorrect credentials.