Using the login module in the Ticket web application
We can now apply the RoleDirect login module in the Ticket web application described
in Chapter 4, Learning Context and Dependency Injection (you could pick the version from
another chapter if you like). We will first show how to provide BASIC web authentication,
and then we will show a slightly more complex example using FORM-based authentication.
Note
BASIC-access authentication is the simplest way to provide a username and password
when making a request through a browser.
It works by sending an encoded string containing the user credentials. This
Base64-encoded string is transmitted and decoded by the receiver, resulting in
colon-separated username and password strings. When it comes to security, BASIC
authentication is usually not the best solution. Base64 is an encoding, not encryption,
so the password can be stolen during the transmission; SSL is a must in order to protect it.
Turning on web authentication requires the security-constraint element to be
defined in the web application configuration file (web.xml), as shown in the following
code snippet:
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
  . . . . . .
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAuth</web-resource-name>
      <description>application security constraints</description>
      <url-pattern>/*</url-pattern>