Java Reference
In-Depth Information
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login</title>
</head>
<body>
<p>Please enter your username and password to access the application</
p>
<form method="POST" action="j_security_check">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="right">Username: </td>
<td>
<input type="text" name="j_username">
</td>
</tr>
<tr>
<td align="right">Password: </td>
<td>
<input type="password" name="j_password">
</td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
Every login page created for form-based authentication must contain an HTML
form
with a method of
POST
and an action of
j_security_check
. Every Java
EE-compliant application server will have a security servlet already deployed on
installation, this servlet is mapped to the
j_security_check
URL, as such, its
doPost()
method is executed when the form is submitted.
Each form-based authentication login page must also have two additional fields:
a text field named
j_username
, and a password field named
j_password
. The
security servlet will then check that these values match those in the security realm
when the form is submitted. Needless to say, the form needs a
submit
button so
that user-entered credentials can be sent to the servlet.
We need a way to display an authentication error if the user enters incorrect
credentials.