This post is not about a highly technical subject, but I guess it's nice to have it explained in a few words for beginners,
and to have the real stuff at a glance for experienced users who just want a reminder.
Note that the security has nothing to do with your code!
It all relies on configuration plus the login page and the error page (JSPs).
Here's what you have to do.
Assume you have a webapp called "MyWebApp".
In the WEB-INF directory, you'll have a web.xml and, if you want to deploy it on WebLogic Server, another XML file: weblogic.xml.
Note: what is presented here is authentication through an HTML form.
In blue, the important stuff.
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app id="WebApp_ID">
<display-name>MyWebApp</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- Every URL of the webapp requires an authenticated user in the "webuser" role. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>All</web-resource-name>
<url-pattern>/*</url-pattern>
<!-- No <http-method> elements: the constraint then applies to every HTTP method.
Listing only GET and POST would leave the other methods (HEAD, PUT, DELETE, ...) unconstrained. -->
</web-resource-collection>
<auth-constraint>
<role-name>webuser</role-name>
</auth-constraint>
</security-constraint>
<!-- FORM authentication: the container serves these two pages itself. -->
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login_failed.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Each role used in an auth-constraint must be declared here. -->
<security-role>
<role-name>webuser</role-name>
</security-role>
</web-app>
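
A small check for the security section of a web.xml like the one above, as an added example that is not part of the original post. It goes slightly beyond the page by also flagging a missing transport guarantee; the sample descriptors, the function name `audit_web_xml` and the finding codes are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: constraint limited to listed methods, no transport guarantee.
WEAK = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>webuser</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>webuser</role-name></security-role>
</web-app>"""

# Constructed hardened variant: every method covered, container requires TLS.
HARDENED = WEAK.replace("      <http-method>GET</http-method>\n", "").replace(
    "      <http-method>POST</http-method>\n", "").replace(
    "  </security-constraint>", "    <user-data-constraint><transport-guarantee>CONFIDENTIAL"
    "</transport-guarantee></user-data-constraint>\n  </security-constraint>")


def audit_web_xml(xml_text):
    """Return (code, detail) findings for the security section of a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop namespaces (2.4+ descriptors)
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {r.findtext("role-name", "").strip() for r in root.iter("security-role")}
    form = root.findtext("login-config/auth-method", "").strip() == "FORM"
    findings = []
    for sc in root.iter("security-constraint"):
        name = sc.findtext("web-resource-collection/web-resource-name", "?").strip()
        methods = [m.text.strip() for m in sc.iter("http-method") if m.text]
        if methods:                             # only the listed methods are constrained
            findings.append(("UNCOVERED_METHODS", f"{name}: only {'/'.join(methods)} protected"))
        tg = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        if tg == "NONE":                        # container accepts plain HTTP
            what = "j_username/j_password" if form else "requests"
            findings.append(("NO_TLS_REQUIRED", f"{name}: {what} may travel over plain HTTP"))
        for role in sc.iter("role-name"):       # roles must be declared in <security-role>
            if role.text and role.text.strip() not in declared | {"*", "**"}:
                findings.append(("UNDECLARED_ROLE", f"{name}: {role.text.strip()}"))
    return findings

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_web_xml(doc) or "no findings")
```
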
weblogic.xml:
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/920/weblogic-web-app.xsd">
<weblogic-version>10.0</weblogic-version>
<context-root>TestInterface</context-root>
<!-- Maps the "webuser" role declared in web.xml to the WebLogic principal "Administrators". -->
<security-role-assignment>
<role-name>webuser</role-name>
<principal-name>Administrators</principal-name>
</security-role-assignment>
<jsp-descriptor>
<page-check-seconds>-1</page-check-seconds>
</jsp-descriptor>
<container-descriptor>
<session-monitoring-enabled>true</session-monitoring-enabled>
</container-descriptor>
</weblogic-web-app>
login.jsp:
<html>
<head>
<title>Security WebApp login page</title>
</head>
<body>
<blockquote>
<h2>Please enter your username and password:</h2>
<p>
<form method="POST" action="j_security_check">
<table border=1>
<tr>
<td>Username:</td>
<td><input type="text" name="j_username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="j_password"></td>
</tr>
<tr>
<td colspan=2 align=right><input type=submit value="Submit"></td>
</tr>
</table>
</form>
</blockquote>
</body>
</html>
login_failed.jsp:
<%@ page
language="java"
contentType="text/html;charset=UTF-8"
%><%
response.setStatus(200); // To prevent IE from catching the response with its own error page
%>
<html>
<head>
<title>Security WebApp login error page</title>
</head>
<body bgcolor="#cccccc">
<blockquote>
<h2>Vous n'êtes pas autorisé à accéder à l'application.</h2>
</blockquote>
</body>
</html>
If you want to know more, take a look at the official documentation.