Java Reference
In-Depth Information
Logging in with
demouser
and the valid password will grant access to the applica-
tion with the
Manager
role.
Switching to FORM-based security
FORM-based authentication lets developers customize the authentication user inter-
face, adapting it, for example, to your company's standards. Configuring it in your
application requires you to basically modify just the
login-config
stanza of the
security section of your
web.xml
file. Within it, we will be defining a login landing
page (
login.jsf
) and an error page (
error.jsf
), in case the login fails. Here is
the code snippet for it:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/
login.jsf</form-login-page>
<form-error-page>/
error.jsf</form-error-page>