• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Regarding Form based authentication

 
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


As login page --loginpage.html
and error page--loginerror.html

is the name fixed for them or can it be changed.

its a question from mock test
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It can be changed in the web.xml file; see the servlet specification for details on how to do that.
 
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
it is defined in the web.xml like this



keep in mind that the leading / is mandatory, and the form-login-config can only be used if the auth method is FORM
 
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is no good reason for them to be fixed. Can be anything.

Actually, you can put this authentication form on just any page while taking care which servlet it invokes. So the total flow of your application is in your hands.

A doubt from my side: What would be the utility of this <login-config> element?

Regards
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

A doubt from my side: What would be the utility of this <login-config> element?



i don't get that part ...
 
rachna jain
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks

But if form-login-config is defined in login config withou form auth constraint or its left blank

then does it throw any exception
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
if you have this in your web.xml



your web app will start just fine, but as soon as you request a secured part of your web app
the container throws the following exception and an empty page is returned to the requester





oh and not defining the <auth-method> tag will cause the container to not even start up....
as soon as <login-config> is present, <auth-method> is mandatory
 
rachna jain
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks a lot for your valuable input.
 
Himanshu Kansal
Ranch Hand
Posts: 257
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sebastian Janisch wrote:

A doubt from my side: What would be the utility of this <login-config> element?



i don't get that part ...



Actually I want to ask why at all do we need to tell the application about the login config in this way? Why to have all this <login-config> story in web.xml or anywhere for that matter? I hope the doubt is clear.

Regards
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Because you can choose whether you want to use one of the 4 login mechanisms.

Hence the login-config tag in the web-xml.

  • BASIC
  • FORM
  • DIGEST
  • CLIENT_CERT


  • If your web application does not have secured parts, there is no need for the login-config, you can omit it in your web.xml file.
     
    Himanshu Kansal
    Ranch Hand
    Posts: 257
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Oh, okay. So that means it is perfectly alright if I do not have this element in my web.xml and simple use a form in one or all of my web pages that take in a username and password and I do the authentication myself, using jdbc or something?

    Am I off track? I hope I am not being too deviling

    Regards
     
    Sebastian Janisch
    Ranch Hand
    Posts: 1183
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Yep that is correct, even though the container already provides login mechanisms (that can also be hooked up with JDBC). So why use custom login mechanisms ?
     
    Consider Paul's rocket mass heater.
    reply
      Bookmark Topic Watch Topic
    • New Topic