Using Form based login 

Session-based

Allows Logout - session.invalidate()

Automatically expires when the session expires

More efficient and secure - single authentication

To enrich your career and become a JBoss professional, visit Tekslate, the global online training platform:" JBoss Training". This course will help you achieve excellence in this field.

Fully customizable

Control the layout of the login page

Control the layout of the error page

Provide links to "user registration" or "recover password" actions

Support for FORM-based login is part of the Java EE specification, and like the rest of JAAS-based security, it is independent of the application server With the FORM-based login, the server forces the users to login via an HTML form when it detects the user’s session is not authenticated

This is accomplished by forwarding the users' requests to the login page

In case of authentication failures, users are sent to the login error page

Login.jsp Form Page

JBoss handler: j_security_check for params j_username and j_password

<html>

<head><title>Login Form</title></head>

<body>

<h1>Login Form</h1>

<form action="j_security_check" method="post">

Username:

<input type="text" name="j_username"/><br/>

Password:

<input type="password" name="j_password"/><br/>

<input type="submit" value="Login" />

</form>

</body>

</html>

To support non-cookie-based-session-tracking, change j_security_check to <%= response.encodeURL("j_security_check") %> which will add JSESSIONID to the request URL if needed.

LoginError.jsp Page

Displays the error message if the authentication fails

<html>

<head><title>Login Error</title></head>

<body>

<h1>Authentication Error</h1>

<p style="color: red">

Invalid username and/or password.

</p>

<p><a href="Login.jsp">Try again?</a></p>

</body>

</html>

This page is only shown if the user enters an invalid username and/or password. Authorization errors (user not in the required role) are handled separately.

Update Login Configuration

Update <login-config> in web.xml:

<login-config>

<auth-method>FORM</auth-method>

<form-login-config>

<form-login-page>/Login.jsp</form-login-page>

<form-error-page>/LoginError.jsp</form-error-page>

</form-login-config>

</login-config>

Authorization Failure

Authorization failures are expressed by HTTP 403 status codes Use <error-page> element to configure HTTP 403 handler in web.xml:

<error-page>

<error-code>403</error-code>

<location>/AuthorizationError.jsp</location>

</error-page>

For an in-depth understanding on JBoss click on: