Saturday, January 14, 2012

Authentication in Web.xml

Authentication

A web container can authenticate a web client/user using one of the HTTP BASIC, HTTP DIGEST, HTTPS CLIENT or FORM-based authentication schemes.

Use Case: We would like to use the browser's authentication mechanism, HTTP BASIC, as defined in the HTTP 1.0 specification.

The login-config XML element in web.xml would look like the following:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
</login-config>

Use Case: We would like to use the HTTPS Client authentication mechanism, which is based on digital certificates: the user is authenticated by their X509 certificate. The login-config XML element in web.xml would look like the following:

<login-config>
   <auth-method>CLIENT-CERT</auth-method>
   <realm-name>JMX Console</realm-name>
</login-config>

Use Case: We would like to use the FORM-based authentication mechanism. The FORM-based mechanism provides flexibility in defining a custom JSP/HTML page for login and another page to which the user is directed when errors occur during login. The login-config XML element in web.xml would look like the following:

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
    </form-login-config>
</login-config>

In this case, the HTML page for login is login.html, and if any errors are encountered (including a failed login), the user is directed to error.html.
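
An added example, not code from the original post: a Python check that reads a web.xml and reports when a login-config like the ones above is not backed by a security-constraint, or when BASIC or FORM login is not forced onto TLS (BASIC sends the password base64-encoded, FORM as a plain POST field). The sample descriptor, the /secure/* pattern, the role name user and the function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the post): the post's FORM login-config plus a
# security-constraint that has no transport guarantee.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def _find_all(node, name):
    """Descendants named `name`, ignoring the XML namespace prefix."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(node, name):
    found = _find_all(node, name)
    return (found[0].text or "").strip() if found else None

def audit_web_xml(xml_text):
    """Return findings about how login-config is wired into the descriptor."""
    root = ET.fromstring(xml_text)
    method = _text(root, "auth-method")
    if method is None:
        return ["no login-config/auth-method declared"]
    findings = []
    guarded = [c for c in _find_all(root, "security-constraint")
               if _find_all(c, "auth-constraint")]
    if not guarded:
        findings.append("login-config has no security-constraint with an auth-constraint")
    if method in ("BASIC", "FORM"):  # password crosses the wire in recoverable form
        for c in guarded:
            if _text(c, "transport-guarantee") != "CONFIDENTIAL":
                findings.append("%s login without CONFIDENTIAL transport-guarantee" % method)
    if method == "FORM":
        for page in ("form-login-page", "form-error-page"):
            if not _text(root, page):
                findings.append("FORM login-config is missing " + page)
    return findings
```

Run against the sample, audit_web_xml(SAMPLE_WEB_XML) returns one finding; adding a user-data-constraint with transport-guarantee CONFIDENTIAL to the security-constraint clears it.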
