• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

FORM authentication and http methods

 
Tridib Samanta
Ranch Hand
Posts: 128
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
Is it mandatory to use method="POST" for form based authentication? Is it not possible to use GET?
 
Mahesh Desai
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When we go for HTTP FORM-basedauthentication mechanism, the login form with an ACTION of "j_security_check" must contain fields for entering a username and a password. These fields must be named "j_username" and "j_password", respectively.

<form method=�POST� action=�j_security_check�>
<input type=�text� name=�j_username�>
<input type=�password� name=�j_password�>
</form>

GET defeats the whole point of password fields, all forms that have password fields should use a METHOD of POST. For Form-based authentication mechanism we always use a Method of POST instead of GET.

Thanks,
Mahesh

----------
SCJP 1.4, SCWCD 1.4, SCBCD 1.3, (SCEA Part I preparing......)
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic