Using Form based login
Session-based
Allows Logout - session.invalidate()
Automatically expires when the session expires
More efficient and secure - single authentication
To enrich your career and become a JBoss professional, visit Tekslate, the global online training platform:" JBoss Training". This course will help you achieve excellence in this field.
Fully customizable
Control the layout of the login page
Control the layout of the error page
Provide links to "user registration" or "recover password" actions
Support for FORM-based login is part of the Java EE specification, and like the rest of JAAS-based security, it is independent of the application server With the FORM-based login, the server forces the users to login via an HTML form when it detects the user’s session is not authenticated
This is accomplished by forwarding the users' requests to the login page
In case of authentication failures, users are sent to the login error page
Login.jsp Form Page
JBoss handler: j_security_check for params j_username and j_password
<html><head><title>Login Form</title></head>
<body>
<h1>Login Form</h1>
<form action="j_security_check" method="post">
Username:
<input type="text" name="j_username"/><br/>
Password:
<input type="password" name="j_password"/><br/>
<input type="submit" value="Login" />
</form>
</body>
</html>
To support non-cookie-based-session-tracking, change j_security_check to <%= response.encodeURL("j_security_check") %> which will add JSESSIONID to the request URL if needed.
LoginError.jsp Page
Displays the error message if the authentication fails
<html><head><title>Login Error</title></head>
<body>
<h1>Authentication Error</h1>
<p style="color: red">
Invalid username and/or password.
</p>
<p><a href="Login.jsp">Try again?</a></p>
</body>
</html>
This page is only shown if the user enters an invalid username and/or password. Authorization errors (user not in the required role) are handled separately.
Update Login Configuration
Update <login-config> in web.xml:
<login-config><auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login.jsp</form-login-page>
<form-error-page>/LoginError.jsp</form-error-page>
</form-login-config>
</login-config>
Authorization Failure
Authorization failures are expressed by HTTP 403 status codes Use <error-page> element to configure HTTP 403 handler in web.xml:
<error-page><error-code>403</error-code>
<location>/AuthorizationError.jsp</location>
</error-page>
For an in-depth understanding on JBoss click on: