Portlet Factory, Version 6.1.2
Configuration Example – Login/Role
When an unauthenticated user requests a model covered by the protected models above, the application server's servlet container itself forces a login before forwarding the request to the originally requested URL. The request is forwarded only if the user is authenticated and is authorized for the specified role(s). The following example shows the login configuration from a J2EE standard web.xml configuration file for use with the security constraints above.
Note: The login.html page referenced must contain the following items that the Servlet Container's login handling code will look for:
- Form tag with an action of j_security_check (a well-known J2EE standard action for login)
- Two inputs:
  - j_username
  - j_password

JSP Error Page: The error page is where the user is sent upon failed authentication (bad login) or authorization (not a member of a role allowed by the Security Constraint that triggered this login). This page might have a "Back" link to allow a user to try again.
<login-config id="LoginConfig_1">
    <auth-method>FORM</auth-method>
    <realm-name>Form Authentication</realm-name>
    <form-login-config id="FormLoginConfig_1">
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>

For use of roles across multiple WARs in an EAR, roles can be defined in an EAR file's META-INF/application.xml file.
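A deployment check for the login page requirements and login-config described above, as an added example that is not part of the product documentation. The sample web.xml and login page are constructed, web.xml is assumed to carry no XML namespace, the names `LoginFormScanner` and `check_form_login` are hypothetical, and the POST check is an extra not stated on the page.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Constructed samples; web.xml is assumed to carry no XML namespace.
WEB_XML = """<web-app><login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config></web-app>"""
LOGIN_PAGE = """<form method="post" action="j_security_check">
  <input type="text" name="j_username">
  <input type="password" name="j_password">
</form>"""

class LoginFormScanner(HTMLParser):
    """Records method and input names of the form that targets j_security_check."""
    def __init__(self):
        super().__init__()
        self.in_form, self.method, self.inputs = False, None, set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and (a.get("action") or "").endswith("j_security_check"):
            self.in_form, self.method = True, (a.get("method") or "get").lower()
        elif tag == "input" and self.in_form:
            self.inputs.add(a.get("name"))
    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def check_form_login(web_xml, login_html):
    """Return a list of problems; an empty list means config and page agree."""
    cfg = ET.fromstring(web_xml).find("login-config")
    if cfg is None or cfg.findtext("auth-method") != "FORM":
        return ["login-config with auth-method FORM is missing"]
    problems = []
    for tag in ("form-login-page", "form-error-page"):
        if not (cfg.findtext("form-login-config/" + tag) or "").startswith("/"):
            problems.append(tag + " missing or not starting with /")
    scan = LoginFormScanner()
    scan.feed(login_html)
    if scan.method is None:
        problems.append("no form with action j_security_check")
    elif scan.method != "post":  # added check, not stated on the page
        problems.append("login form does not submit with POST")
    problems += ["input %s missing" % n for n in ("j_username", "j_password") if n not in scan.inputs]
    return problems

if __name__ == "__main__":
    print(check_form_login(WEB_XML, LOGIN_PAGE))
```
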