Form-Based Authentication in JSP with an Example
In this article, I am going to discuss Form-Based Authentication in a JSP Application with an Example. Please read our previous article, where we discussed Basic Authentication in JSP Applications.
Form-Based Authentication in JSP
In Form-Based Authentication, we use an HTML form instead of a browser pop-up to prompt the user for credentials, which gives a better look and feel. The steps below describe how Form-Based Authentication works in JSP.
First, an unauthenticated user requests a resource protected by a JEE security constraint. The application server then redirects the request to the login form defined in the web deployment descriptor. On the login form, the user enters the user ID and password and submits the form. If the servlet authenticates the user successfully, it redirects the user to the originally requested resource; if the credentials are invalid, the user is redirected to an error page.
Example: Form-Based Authentication in JSP
In this example, we create a login.jsp page where the user enters credentials and a failure.jsp page that shows an error message if the entered credentials are incorrect. If the entered credentials are correct, the user is taken to the secured page, i.e. the FormBasedSecurity.jsp page.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
    id="WebApp_ID" version="4.0">
    <display-name>JSPDemo</display-name>
    <welcome-file-list>
        <welcome-file>FormBasedSecurity.jsp</welcome-file>
    </welcome-file-list>
    <!-- Protect the secured page: only users in the admin role may access it -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Private Resource</web-resource-name>
            <url-pattern>/FormBasedSecurity.jsp</url-pattern>
            <!-- No <http-method> is listed, so the constraint applies to every
                 HTTP method. Listing only POST would leave GET requests to the
                 page unprotected, and the login form would never be shown. -->
        </web-resource-collection>
        <auth-constraint>
            <description> </description>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
    <!-- FORM authentication: the container shows login.jsp and, on failure, failure.jsp -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/failure.jsp</form-error-page>
        </form-login-config>
    </login-config>
</web-app>
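The following is an added example, not code from the original article: a small Python check that reads a deployment descriptor like the one in this tutorial and reports a security-constraint that names specific HTTP methods (which leaves the other methods unprotected) or that does not require HTTPS for the login. The function name audit_web_xml and the sample descriptor are constructed for illustration; the check assumes a Servlet 3.1+ web.xml in the javaee namespace.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://xmlns.jcp.org/xml/ns/javaee"}

# Constructed sample descriptor (illustrative, not taken from a real deployment).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Private Resource</web-resource-name>
      <url-pattern>/FormBasedSecurity.jsp</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/failure.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def audit_web_xml(xml_text):
    """Return a list of findings for a web.xml (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    # <deny-uncovered-http-methods/> makes the container reject unlisted methods.
    deny_uncovered = root.find("j:deny-uncovered-http-methods", NS) is not None
    for sc in root.findall("j:security-constraint", NS):
        for wrc in sc.findall("j:web-resource-collection", NS):
            urls = [(u.text or "").strip() for u in wrc.findall("j:url-pattern", NS)]
            methods = [(m.text or "").strip() for m in wrc.findall("j:http-method", NS)]
            omitted = wrc.findall("j:http-method-omission", NS)
            if (methods or omitted) and not deny_uncovered:
                findings.append(f"{urls}: constraint covers only some HTTP methods "
                                f"(listed: {methods}); other methods are unprotected")
        # Without CONFIDENTIAL the login form may post j_password over plain HTTP.
        tg = sc.find("j:user-data-constraint/j:transport-guarantee", NS)
        if tg is None or (tg.text or "").strip() != "CONFIDENTIAL":
            findings.append("constraint lacks transport-guarantee CONFIDENTIAL")
    if root.findtext("j:login-config/j:auth-method", "", NS).strip() == "FORM":
        for tag in ("form-login-page", "form-error-page"):
            if not root.findtext(f"j:login-config/j:form-login-config/j:{tag}", "", NS):
                findings.append(f"FORM auth without <{tag}>")
    return findings

if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print("FINDING:", finding)
```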
login.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<title>Login Form</title>
</head>
<body>
    <%-- j_security_check, j_username and j_password are the names the
         container expects for FORM login --%>
    <form name="logonform" action="j_security_check" method="POST">
        Username: <input type="text" name="j_username"/> <br/>
        Password: <input type="password" name="j_password"/> <br/>
        <input type="submit" value="Submit"/>
    </form>
</body>
</html>
failure.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<title>Authentication Failure</title>
</head>
<body>
    <h4>Access Denied !!</h4>
</body>
</html>
FormBasedSecurity.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html>
<html>
<head>
<title>Form Based Security JSP</title>
</head>
<body>
    <h4>Form Based Security JSP</h4>
</body>
</html>
Output
Run your FormBasedSecurity.jsp page. It will show the login form and ask you to enter credentials.
Now enter your admin credentials as we configured them for the admin users. If you enter invalid credentials, you are sent to failure.jsp, which shows the "Access Denied !!" message.
If you enter valid credentials, you are taken to the secured FormBasedSecurity.jsp page.
In the next article, I am going to discuss Programmatic Security in JSP Application with an Example. Here, in this article, I tried to explain Form-Based Authentication in JSP Application with an Example, and I hope you enjoyed this Form-Based Authentication in JSP article.