I have configured form based JAAS in my app. Basically, in web.xml I have declared security constraints on certain jsp page, declared specific roles, login and error pages.
So, my login form is:
This works fine when some user tries to access some of the pages declared in <security-constraint> tag of web.xml.
Container automatically manages login process, redirects to login page and if login details are valid, gives access to secured page.
Now, how should I implement login system so that user can go to login page (possibly same login form) and log in from there?
posted 4 years ago
Well, that's how form based authentication works .
Form's action="j_security_check" sends form field values to container, which handles login process and forwards to asked/secured page (or servlet) if login succeeds.
I was thinking to use this login form "explicitly": just to go to this page, enter login details and press Submit button. But, as I understood, that can't be done when using form based security.
So, I have implemented this like: when user wants to login, user clicks on login link somewhere on the page, which is a link to secured, user account details jsp page.
This will take every ounce of my mental strength! All for a tiny ad: