Java
Danil Ochagov, 2018-06-15 15:05:31

Can you answer some questions about authentication in web.xml in Java EE?

Right now I have reached the topic of user authentication in web.xml, and I have a couple of questions:
1) There is this code:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecureJSP</web-resource-name>
        <url-pattern>/jsp/vip.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Danil</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

<security-role>
    <role-name>Danil</role-name>
</security-role>

Here in security-role>role-name we add user roles, and in auth-constraint->role-name we add those who can be admitted when entering a password and nickname?

2) When you do form authentication, the JSP file with the form must contain j_security_check, j_username and j_password, and if you make a mistake somewhere, nothing will work. Why is that, and what other names are there (for example, not a name but an e-mail)?
Here is the code:
<form action="j_security_check" method="post">
    <input type="text" name="j_username"><br/>
    <input type="password" name="j_password"><br/>
    <input type="submit" value="Login">
</form>


3) Is web.xml authentication generally worth using in practice, or will there be more convenient ways later as I study Java EE further? It's just that the data is taken not from a database but from a Tomcat file (tomcat-users.xml), and for incorrect credentials (FORM) you have to specify in web.xml a page to redirect to, but maybe I want a message to be displayed instead of a redirect.
Here is the code that redirects:
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/jsp/login.jsp</form-login-page>
        <form-error-page>/jsp/error.jsp</form-error-page>
    </form-login-config>
</login-config>

1 answer(s)
Sergey Gornostaev, 2018-06-16
@danilochagov

Here in security-role>role-name we add user roles, and in auth-constraint->role-name we add those who can be admitted when entering a password and nickname?

Yes.
It's logical; it is like that everywhere in programming.
Because the combination of username and password is the most common. If you want others, you will have to write your own login form instead of using the ready-made one.
In simple cases, using it is quite justified.
A great many. Learning JAAS alone will make your head hurt.
The most elementary solution is to specify the same login page as the error page, but with an additional parameter in the URL, and in the JSP page check for the presence of this parameter and display a message:
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/jsp/login.jsp</form-login-page>
        <form-error-page>/jsp/login.jsp?fail</form-error-page>
    </form-login-config>
</login-config>

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<c:if test="${param.fail != null}">
  <span class="error">Неправильное имя пользователя или пароль</span>
</c:if>
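
An added example, not part of the answer above or of any project's code: a small Python lint that parses a web.xml and checks the relationships discussed in this thread (every role in an auth-constraint is declared in a security-role, and FORM login names both of its pages). The sample descriptor is constructed from the question's snippets with two mistakes introduced on purpose, and the transport-guarantee check goes one step beyond what the thread covers.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's snippets under one <web-app> root, with an
# undeclared role ("Admin") and a missing <form-error-page> added on purpose.
SAMPLE_WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/jsp/vip.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Danil</role-name>
      <role-name>Admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/jsp/login.jsp</form-login-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>Danil</role-name></security-role>
</web-app>"""


def lint_web_xml(xml_text):
    """Return a list of findings for the declarative security in a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # real descriptors carry an XML namespace; strip it
        el.tag = el.tag.rsplit("}", 1)[-1]
    text = lambda e: (e.text or "").strip()
    declared = {text(r) for r in root.findall("security-role/role-name")}
    findings = []
    for sc in root.findall("security-constraint"):
        urls = ",".join(text(u) for u in sc.iter("url-pattern"))
        for role in map(text, sc.findall("auth-constraint/role-name")):
            if role not in declared | {"*", "**"}:  # wildcards need no declaration
                findings.append(f"{urls}: role '{role}' is not declared in a <security-role>")
        tg = sc.findtext("user-data-constraint/transport-guarantee", "NONE")
        if sc.find("auth-constraint") is not None and tg.strip() not in ("CONFIDENTIAL", "INTEGRAL"):
            findings.append(f"{urls}: no transport-guarantee, credentials may travel over plain HTTP")
    method = root.findtext("login-config/auth-method", "").strip()
    if method == "FORM":
        for page in ("form-login-page", "form-error-page"):
            if not root.findtext(f"login-config/form-login-config/{page}", "").strip():
                findings.append(f"FORM login: <{page}> is missing")
    elif not method and root.find("security-constraint") is not None:
        findings.append("security-constraint present but no <login-config> auth-method")
    return findings
```

Calling `lint_web_xml(SAMPLE_WEB_XML)` returns three findings: the undeclared `Admin` role, the missing transport guarantee, and the missing `<form-error-page>`.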
