Forums Register Login

Regarding Form based authentication

+Pie Number of slices to send: Send


As login page --loginpage.html
and error page--loginerror.html

is the name fixed for them or can it be changed.

its a question from mock test
+Pie Number of slices to send: Send
It can be changed in the web.xml file; see the servlet specification for details on how to do that.
+Pie Number of slices to send: Send
it is defined in the web.xml like this



keep in mind that the leading / is mandatory, and the form-login-config can only be used if the auth method is FORM
+Pie Number of slices to send: Send
There is no good reason for them to be fixed. Can be anything.

Actually, you can put this authentication form on just any page while taking care which servlet it invokes. So the total flow of your application is in your hands.

A doubt from my side: What would be the utility of this <login-config> element?

Regards
+Pie Number of slices to send: Send
 

A doubt from my side: What would be the utility of this <login-config> element?



i don't get that part ...
+Pie Number of slices to send: Send
Thanks

But if form-login-config is defined in login config withou form auth constraint or its left blank

then does it throw any exception
+Pie Number of slices to send: Send
if you have this in your web.xml



your web app will start just fine, but as soon as you request a secured part of your web app
the container throws the following exception and an empty page is returned to the requester





oh and not defining the <auth-method> tag will cause the container to not even start up....
as soon as <login-config> is present, <auth-method> is mandatory
+Pie Number of slices to send: Send
Thanks a lot for your valuable input.
+Pie Number of slices to send: Send
 

Sebastian Janisch wrote:

A doubt from my side: What would be the utility of this <login-config> element?



i don't get that part ...



Actually I want to ask why at all do we need to tell the application about the login config in this way? Why to have all this <login-config> story in web.xml or anywhere for that matter? I hope the doubt is clear.

Regards
+Pie Number of slices to send: Send
Because you can choose whether you want to use one of the 4 login mechanisms.

Hence the login-config tag in the web-xml.

  • BASIC
  • FORM
  • DIGEST
  • CLIENT_CERT


  • If your web application does not have secured parts, there is no need for the login-config, you can omit it in your web.xml file.
    +Pie Number of slices to send: Send
    Oh, okay. So that means it is perfectly alright if I do not have this element in my web.xml and simple use a form in one or all of my web pages that take in a username and password and I do the authentication myself, using jdbc or something?

    Am I off track? I hope I am not being too deviling

    Regards
    +Pie Number of slices to send: Send
    Yep that is correct, even though the container already provides login mechanisms (that can also be hooked up with JDBC). So why use custom login mechanisms ?
    Forget this weirdo. You guys wanna see something really neat? I just have to take off my shoe .... (hint: it's a tiny ad)
    a bit of art, as a gift, the permaculture playing cards
    https://gardener-gift.com


    reply
    reply
    This thread has been viewed 1140 times.
    Similar Threads
    serialization and deserialization support in SOAP
    EntityManager in Servlets Doubt
    stay with same page after submiting form
    isThreadSafe
    Main
    More...

    All times above are in ranch (not your local) time.
    The current ranch time is
    Mar 29, 2024 08:32:07.