Despite working with JEE for years I have always rolled my own Authentication solution. In my current position I inherited a FORM based security solution.
This website give a nice overview.
http://onjava.com/pub/a/onjava/]2002/06/12/form.html
Of particular note:
Auth method is defined in the web.xml in the following section
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/fail_login.html</form-error-page>
</form-login-config>
</login-config>
The login form must contain fields for entering username and password.
These fields must be named
j_username and j_password, respectively.
This form should post these values to j_security_check logical name. (Should use ssl to ensure passwords are protected)
In our case we were using this on Welbogic, and using the default myrealm. This then uses the users/ groups and roles as defined in the weblogic domain.
No comments:
Post a Comment