I have created a JSP page named Login.jsp; here's the following code:
Is the structure of my page correct according to you?
I created a new folder below WebContent in my project, named "authentication", and I placed home.jsp below it.
This page will be displayed if the login and password are correct.
Also, I changed some things in the project's web.xml:
When I enter "http://localhost:8080/Gestion_de_stock/authentication/home.jsp" many problems appear:
Firstly, the login page isn't displayed with the style that I made in a CSS file, "style.css".
Also, when I enter a correct login and password, an error page is displayed, with a URL I don't know where it comes from: "http://localhost:8080/Gestion_de_stock/authentication/image/top_logo.png"
Would you please help me to find out my problem, and thank you in advance :)
Container-managed security, as its name implies, is handled by the container (web server), not by the web application itself. All the web application does is indicate to the server when authentication is required, what transport channel (BASIC or FORM) will be used to demand credentials, and in the case of FORM-based login, the templates for the login and loginfail forms.
1. You cannot direct a user directly to the login page via a URL. In other words, "http://www.myserver.com/myapp/login.jsp" will not work properly. It will present the login page, but that page will not be connected to the container's login process, and therefore won't work. To get a login page, the user has to request one of the protected URLs that you defined in the WEB-INF/web.xml file. This will cause the server to check to see if the user is logged in, run the user through the login process, if needed, then present whatever page would normally come from requesting that protected URL.
2. You cannot write special login logic, provide additional login parameters, or expect special post-login or login-fail actions. The login process is handled by a special plugin (Realm) to the server, using a common interface method (authenticate), which accepts 2 parameters (user ID and password) from the container (obtained from the login/loginfail form) and returns an OK/failed status. To repeat, then, no application logic is involved in the container login process.
I think you understood this, based on your examples, but I like to repeat it often, because a lot of people do not.
You do have one problem, however. You have defined a rule that requires authentication on ALL URLs, including the CSS and image URLs on your login/loginfail pages. In other words, to retrieve and display the logo on the login page, you have to already be logged in. In theory, this should have caused some sort of recursion problem, but in reality what I've seen is basically what you reported.
I prefer to keep a public "hello" page myself, so that users can tell what site they've landed on and general news can be displayed. From there I can direct them to the secured part of the site.
And, of course, I exempt the CSS and image URLs from being secured.
You do have one problem, however. You have defined a rule that requires authentication on ALL URLs, including the CSS and image URLs on your login/loginfail pages. In other words, to retrieve and display the logo and CSS on the login page, you have to already be logged in. Except that you're not logged in or you wouldn't be seeing the login page. In theory, this should have caused some sort of recursion problem, but in reality what I've seen is basically what you reported.
Same basic problem. Trying to match too many URLs in one pattern.
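A web.xml fragment illustrating the point about over-broad URL patterns, added here as an example and not taken from the original thread. The role name `user`, the page names `/Login.jsp` and `/LoginFail.jsp`, and the `/css/` and `/image/` folders are assumptions about the project layout.

```xml
<!-- Added example for WEB-INF/web.xml. Role name, page names and folder
     layout are assumptions, not taken from the poster's project. -->

<!-- Too broad: /* also matches the CSS and images used by the login page.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>everything</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
</security-constraint>
-->

<!-- Narrower: only the secured part of the site requires a login. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secured pages</web-resource-name>
    <url-pattern>/authentication/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<!-- No auth-constraint element: these static files stay public.
     Only needed if a broader protected pattern is kept elsewhere. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>static files</web-resource-name>
    <url-pattern>/css/*</url-pattern>
    <url-pattern>/image/*</url-pattern>
  </web-resource-collection>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/Login.jsp</form-login-page>
    <form-error-page>/LoginFail.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>user</role-name>
</security-role>
```

The container shows the login form at the protected URL the user requested, so relative links in the form resolve under that URL's folder (here `/authentication/`). Referencing the CSS and images by context-root paths keeps them outside the protected pattern.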
I have another problem: when I want to log out,
the authentication page is displayed and not the login page.
And if I change the href to "Login.jsp", when I want to log in another time an error appears.