[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details

setting up form based java servlet security

Asked by SYMON in Java Servlets, Miscellaneous Security, Java Server Pages (JSP)

Tags: java

hi i have implemented a set of servlet pages....

i have implemented a loginpage.html which redirects to the servlet which processes the login
via checking the usr name and password against a database...

all works fine...

however on further reading i have discovered predefined security measures

i have come up with the following for the web.xml

[code]

<security-constraint>
            <web-resource-collection>
                  <web-resource-name>Test</web-resource-name>
                  <url-pattern>/LoginForm.html</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                  <role-name>manager</role-name></auth-constraint>
            <user-data-constraint>
                  <transport-guarantee>NONE</transport-guarantee></user-data-constraint></security-constraint><login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
                  <form-login-page>/LoginForm.html</form-login-page>
                  <form-error-page>/LoginErr.html</form-error-page>
            </form-login-config></login-config>

      <servlet>
            <description>
            </description>
            <display-name>loginCheck</display-name>
            <servlet-name>loginCheck</servlet-name>
            <servlet-class>loginCheck</servlet-class>
      </servlet>

      <servlet>
      <description>
      </description>
      <display-name>login</display-name>
      <servlet-name>login</servlet-name>
      <servlet-class>login</servlet-class>
      </servlet>
      
      <servlet-mapping>
            <servlet-name>ApageMaker</servlet-name>
            <url-pattern>/ApageMaker</url-pattern>
      </servlet-mapping>
<servlet-mapping>
      <servlet-name>login</servlet-name>
      <url-pattern>/login</url-pattern>
</servlet-mapping><welcome-file-list>
            <welcome-file>index.html</welcome-file>
            <welcome-file>index.htm</welcome-file>
            <welcome-file>index.jsp</welcome-file>
            <welcome-file>default.html</welcome-file>
            <welcome-file>default.htm</welcome-file>
            <welcome-file>default.jsp</welcome-file>
            <welcome-file>LoginForm.html</welcome-file>
      </welcome-file-list>
      
</web-app>


[/code]

now the part i dont' get is that my login,html now has the following

[code]

<form action="j_security_check" method = "get">

                  
                  
            <h1 align="center"></br> Coffee RTIS Login </h1>
                  
                  <center>
                        <table border ="0">
                              <tr>
                                    <td ><h3>user name</br></h3></td>
                                    <td>
                                          <input type="text" name = "j_username">

                                    </td>
                              </tr>
                              
                              <tr>
                                    <td><h3>password</h3></td>
                                    <td>
                                          <input type="password" name = "j_password">
                                    
                                    </td>
                              
                              </tr>

                        
                        
                        
                        </table>
                  
                  <input type ="submit" value = "Login!">

[/code]

in the old version the action redirceted to s servlet ie

[code]

   <form  action="www.servlet.com\servlet\login" ...

[/code]

which redirects to the login processing servlet....

in the new version, where or how do you store a list of logins ....

or how do you redirect to a login processing servlet...

thanks
[+][-]11/08/09 10:56 AM, ID: 25771410Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11/08/09 10:58 AM, ID: 25771419Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]11/08/09 12:10 PM, ID: 25771678Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091118-EE-VQP-93 - Hierarchy / EE_QW_3_20080625