On Wed, 6 Jun 2001, Jon.Ridgway wrote:

> Hi,
> 
> When using form based auth the web container will undertake the auth using
> the j_password & j_username supplied. So it all depends on which container
> you are using. Tomcat for example allows you to map to a database containing
> user and role info in the web.xml. You also have to specify a login and
> error page in the web.xml. 
> 
> Jon.
> 

The key issues to remember when using form-based login:

* Your login page must conform to the requirements of the servlet spec
  (i.e. must post to "j_security_check" and have fields "j_username"
  and "j_password").

* You must protect your pages with an appropriate <security-constraint>
  that includes an <auth-constraint> inside.

* Don't refer to the login page itself in your application -- the
  container will simply use it automatically if the user requests
  a protected resource.

* Remember that security constraints work on the URL to which the browser
  submits (i.e. normally a "*.do").  They are not checked on a
  RequestDispatcher.forward() call.

Craig


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] 
> Sent: 06 June 2001 08:17
> To: [EMAIL PROTECTED]
> Subject: Form based authentication
> 
> 
> Hi,
> 
> Has anyone used Form based authentication? How does
> action="j_security_check" work?
> 
> Thanks,
> Nagalli
> 
> 
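
One way to check a deployment descriptor against the web.xml points raised in this thread, as an added example that is not part of the original messages. The sample web.xml is constructed and the function name audit_form_login is hypothetical; the RequestDispatcher.forward() point is not visible in web.xml, so it is not covered here.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread): the second constraint
# has no <auth-constraint>, and the FORM config lacks an error page.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>actions</web-resource-name>
      <url-pattern>*.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config><form-login-page>/login.jsp</form-login-page></form-login-config>
  </login-config>
</web-app>"""

def audit_form_login(web_xml: str) -> list[str]:
    """Return findings for a FORM-login web.xml; an empty list means none."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    constraints = root.findall("security-constraint")
    if not constraints:
        findings.append("no <security-constraint>: nothing is protected")
    for sc in constraints:
        patterns = [p.text.strip() for p in sc.iter("url-pattern") if p.text]
        if sc.find("auth-constraint") is None:  # an empty element still counts
            findings.append(f"{patterns}: no <auth-constraint>, login not required")
    login = root.find("login-config")
    if login is None or (login.findtext("auth-method") or "").strip() != "FORM":
        findings.append("<login-config> does not select FORM authentication")
    else:
        for tag in ("form-login-page", "form-error-page"):
            if not (login.findtext(f"form-login-config/{tag}") or "").strip():
                findings.append(f"<{tag}> is missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_form_login(SAMPLE_WEB_XML)))
```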
