Monday, January 17, 2011

HTTP Authentication

Despite working with JEE for years, I have always rolled my own authentication solution. In my current position I inherited a FORM-based security solution.

This website gives a nice overview: 2002/06/12/form.html

Of particular note:

Auth method is defined in the web.xml in the following section









The login form must contain fields for entering the username and password. These fields must be named j_username and j_password, respectively.

The form should post these values to the j_security_check logical name. (It should use SSL to ensure passwords are protected.)

In our case we were using this on WebLogic, with the default myrealm. This then uses the users, groups and roles as defined in the WebLogic domain.

