Java Reference
In-Depth Information
Configuring our application for form-based
authentication
When an unauthenticated user attempts to access a secured page, our application
must redirect the user to the login page. Once the user has successfully authenticated
through the application's security realm, the user is presented with the page he/she
was trying to access. If the user does not successfully authenticate, the application
must direct the user to our login error page. All of this needs to be configured in the
application's
web.xml
deployment descriptor.
As previously mentioned, the Servlet 3.0 specification introduces several annotations
that minimize the need for a
web.xml
deployment descriptor, however
web.xml
is
still needed for securing web applications. To add a
web.xml
deployment descriptor
to our application, we need to right-click on the project then select
New | Other
,
then select the
Web
category and
Standard Deployment Descriptor (web.xml)
from
the
File Types
list.
After clicking
Next >
, and then
Finish
to select all the defaults the file will be created
for us.
By default, NetBeans immediately opens the
web.xml
deployment descriptor in a
visual editor. After clicking the
Security
button in the toolbar, we can enter security
information for our application.
