HTML and CSS Reference
In-Depth Information
Listing 12-3.
Updates to home.xhtml Page
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html>
<html xmlns="
http://www.w3.org/1999/xhtml
"
xmlns:ui="
http://java.sun.com/jsf/facelets
"
xmlns:h="
http://xmlns.jcp.org/jsf/html
"
>
<ui:composition template="/WEB-INF/templates/main.xhtml">
<ui:define name="title">
#{bundle['application.loginpage.title']}
</ui:define>
<ui:define name="content">
<!-- Form authentication -->
<form action="j_security_check" method="POST">
Username:<input type="text" name="j_username"></input><br/>
Password:<input type="password" name="j_password"></input><br/>
<input type="submit" value="#{bundle['application.login']}"></input>
</form>
<h:link value="#{bundle['application.loginpage.register']}" outcome="registration"/>
</ui:define>
</ui:composition>
</html>
As shown in the bolded lines, in order to use form-based authentication and as per servlet specification, we have
to use the HTML
<form>
tag (instead of the standard JSF
<h:form>
), setting the form action to
"j_security_check"
and the form method to
"POST"
, and setting the names of the username and password fields to
"j_username"
and
"j_password"
; finally, there is a submit button to submit the form. Listing 12-4 shows the form-based authentication
configuration in
web.xml
.
Listing 12-4.
Weather Application's Form-Based Authentication Configuration
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" ...>
...
<security-constraint>
<display-name>securityConstraint</display-name>
<web-resource-collection>
<web-resource-name>resources</web-resource-name>
<url-pattern>/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>weatherUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>