Java Reference
In-Depth Information
Configuring Our Application for Form-Based
Authentication
When an unauthenticated user attempts to access a secured page, our application
must redirect the user to the login page. Once the user has successfully authenticated
via the application's security realm, the user is presented with the page he/she
was trying to access. If the user does not successfully authenticate, the application
must direct the user to our login error page. All of this needs to be configured in the
application's
web.xml
deployment descriptor.
By default, NetBeans opens the
web.xml
deployment descriptor in a visual editor.
After opening our application's
web.xml
(located under
Configuration Files
), and
clicking the
Security
button in the toolbar, we can enter security information for
our application.
In the
Login Configuration
section, we need to choose the type of authentication
the application will use. For form based authentication, we also need to indicate the
login and login error pages.
In the
Security Roles
section, we add security roles for our web application.
