12 Replies Latest reply on Mar 15, 2004 3:32 PM by lords_diakonos

    Making a login form

    lords_diakonos Newbie

      This question may seem trivial but would someone explain to me how to make a login form. I have basic authentication working with a servlet but I would like to use a login form. I added the loginform tags to my web.xml file and the path to the login form.html but what do I call the fields in the html form? Where do I point the for to, the servlet?

        • 1. Re: Making a login form
          Juha Lindfors Master

           

          <form action='j_security_check' method='POST'>
          <table>
          <tr><td>User:<td><input name='j_username'>
          <tr><td>Password:<td><input name='j_password'>
          <tr><td><input type=submit>
          </table>
          </form>
          



          • 2. Re: Making a login form
            lords_diakonos Newbie

            I actually did this but it still didn't work. I am using the browseldapmodule to authenticate with Active Directory. I have an index.html page that points to a servlet with the url mapping of /message
            when you try to access /message the login form comes up. What do I set the action of the login form to be?

            • 3. Re: Making a login form
              Juha Lindfors Master

              The action is "j_security_check" that is recognized by your servlet container as an authentication form.

              • 4. Re: Making a login form
                alisson Newbie

                I've done my form as yours, but the users are not authenticated, even my loginError.jsp is called. Should I import some package from login.jsp or loginError.jsp? See my configurations:

                web.xml:
                <security-constraint>
                <web-resource-collection>
                <web-resource-name>Secure Pages</web-resource-name>
                <url-pattern>/cadastro/web/ConsultaAluno.jsp</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                </web-resource-collection>
                <auth-constraint>
                <role-name>professor</role-name>
                </auth-constraint>
                <user-data-constraint>
                <transport-guarantee>NONE</transport-guarantee>
                </user-data-constraint>
                </security-constraint>

                <security-role>
                Grupo dos professores
                <role-name>professor</role-name>
                </security-role>

                <login-config>
                <auth-method>FORM</auth-method>
                <!-- ExampleRealm is defined in login-config.xml -->
                <realm-name>testeSec</realm-name>
                <form-login-config>
                <form-login-page>/login.jsp</form-login-page>
                <form-error-page>/loginError.jsp</form-error-page>
                </form-login-config>
                </login-config>

                login-config.xml:
                <application-policy name = "jmx-console">

                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                flag = "required" />

                </application-policy>
                <application-policy name = "testeSec">

                <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                flag = "required">
                <module-option name="dsJndiName">java:/AcademicoDB</module-option>
                <module-option name="principalsQuery">select passwd from users where username=?</module-option>
                <module-option name="rolesQuery">select userRoles, roleGroup from userroles where username=?</module-option>
                </login-module>

                </application-policy>

                • 5. Re: Making a login form
                  lords_diakonos Newbie

                  Juha,

                  I did that but I get a 404 error and my username and password are being passed in the url here is what I am getting.

                  http://localhost:8080/WebMessage/j_security_check%20METHOD=?j_username=xxxxx&j_password=xxxx&Login=Submit

                  • 6. Re: Making a login form
                    lords_diakonos Newbie

                    Sorry fo rthe double posting I wanted to explain what I am trying to accomplish. I need to get the username in my servlet after the user logs in. I am using Basic authentication but I am not sure how to get the username I thought with a form I could pass it as a parameter to the servlet.

                    • 7. Re: Making a login form
                      Scott Stark Master


                      import java.security.Principal;
                      
                      public class SnoopServlet extends HttpServlet
                      {
                       protected void doGet(HttpServletRequest request, HttpServletResponse response)
                       throws ServletException, IOException
                       {
                       // getUserPrincipal returns non-null only when the servlet is secured
                       Principal user = request.getUserPrincipal();
                       String username = user.getName();
                       }
                      }
                      



                      • 8. Re: Making a login form
                        lords_diakonos Newbie

                        It is not working :-( here are the sniplets from my code

                        public void doPost(HttpServletRequest request,
                         HttpServletResponse response)
                         throws IOException {
                        // String username = request.getParameter("j_username");
                        
                         Principal user = request.getUserPrincipal();
                         String username = user.getName();
                        
                         String message;
                         message = processRequest(request);
                         generateResponse(message, username, response);
                         }


                        private void generateResponse(String message, String username,
                         HttpServletResponse response)
                         throws IOException {
                        
                         response.setContentType("text/html");
                         PrintWriter out = response.getWriter();
                        
                         out.println("<HTML>");
                         out.println("<HEAD>");
                         out.println("<TITLE>Message Servlet</TITLE>");
                         out.println("</HEAD>");
                         out.println("<BODY BGCOLOR=\"white\">");
                         out.println("Hi" + username);
                         out.println("The message is: <BR>");
                         out.println("<BLOCKQUOTE><B>" + message + "<B></BLOCKQUOTE>");
                         out.println("</BODY>");
                         out.println("</HTML>");
                        
                         out.close();
                         }


                        • 9. Re: Making a login form
                          lords_diakonos Newbie

                          starksm,

                          That works for BASIC but not for FORM authentication.

                          • 10. Re: Making a login form
                            Scott Stark Master

                            Access to the getUserPrincipal does not depend on the auth method used. It works for basic and form auth.

                            • 11. Re: Making a login form
                              lords_diakonos Newbie

                              OK this is wierd. When I change my login to FORM authentication instead of BASIC The page doesn't display the username with the code below but if I don't cloas ethe browser and I go back and access my servlet again it shows my username.

                              
                              import javax.servlet.http.HttpServlet;
                              import javax.servlet.http.HttpServletRequest;
                              import javax.servlet.http.HttpServletResponse;
                              // Support classes
                              import java.io.IOException;
                              import java.io.PrintWriter;
                              import java.security.Principal;
                              
                              public class MessageServlet extends HttpServlet {
                              
                              ...
                              
                               // Handle the GET HTTP Method
                               public void doGet(HttpServletRequest request,
                               HttpServletResponse response)
                               throws IOException {
                               String username = "";
                              
                               String message;
                               message = processRequest(request);
                               generateResponse(message, username, response);
                               }
                              
                               // Handle the POST HTTP Method
                               public void doPost(HttpServletRequest request,
                               HttpServletResponse response)
                               throws IOException {
                              // String username = request.getParameter("j_username");
                              
                               Principal user = request.getUserPrincipal();
                               String username = user.getName();
                              
                               String message;
                               message = processRequest(request);
                               generateResponse(message, username, response);
                               }
                              
                               // Process the request
                               private String processRequest(HttpServletRequest request) {
                              
                              ...
                              
                               int msg_index = (int) (Math.random() * list.length);
                              
                               return list[msg_index];
                               }
                              
                               // Generate the HTML response
                               private void generateResponse(String message, String username,
                               HttpServletResponse response)
                               throws IOException {
                              
                               response.setContentType("text/html");
                               PrintWriter out = response.getWriter();
                              
                               out.println("<HTML>");
                               out.println("<HEAD>");
                               out.println("<TITLE>Message Servlet</TITLE>");
                               out.println("</HEAD>");
                               out.println("<BODY BGCOLOR=\"white\">");
                               out.println("Hi " + username);
                               out.println("Your message is: <BR>");
                               out.println("<BLOCKQUOTE><B>" + message + "<B></BLOCKQUOTE>");
                               out.println("</BODY>");
                               out.println("</HTML>");
                              
                               out.close();
                               }
                              }


                              • 12. Re: Making a login form
                                lords_diakonos Newbie

                                For anyone interested I solved it. I needed to add

                                Principal user = request.getUserPrincipal();
                                 String username = user.getName();
                                
                                in the doGet method