Java Reference
In-Depth Information
Next, you specify the realm the container should use for authentication . A realm is
a container-specific abstraction over a JAAS-driven authentication system. You configure
realms using the container administrative tools. Containers usually provide several basic
realm implementations for pulling credentials out of a database or LDAP like we previ-
ously discussed. If you're attempting to authenticate against an external system not sup-
ported by your container, you'll need to furnish your own realm implementation. A custom
realm implementation is container-specific.
After specifying the realm, you specify a custom login form and error page . The
URLs provided are what the browser would request. For your web application, XHTML
pages are processed as JSF pages by appending the
*.jsf
extension. Depending on how
you configure your application, this may vary.
With the next two elements, you specify which pages you want secured and what role
is required to access these pages . The URL pattern you provide,
/admin/*
, results
in all files under the admin directory being secured. The role name must be mapped to a
group name from the realm.
The login page is shown in the next listing. When the form is posted, the username and
password will be extracted from the request parameters by the container and authentication
performed.
