before being able to visit any page.
This can be done using JSP sessions or servlets, and in fact this was
a common technique for a while. But starting with a new release of
Servlets specifications (2.2) from Sun, this feature is now very simple
to implement.
It is no longer necessary to use JSP techniques to provide login/password
protection, but it is still a very common requirement of web-sites, therefore
a brief overview is provided here.
To password-protect your site, you just need to design a login page.
This page can be as simple or complicated as you need it to be. It
must contain a <FORM> tag, with the METHOD set to
POST and the ACTION set to "j_security_check".
<FORM METHOD=POST ACTION=j_security_check>
The target j_security_check is provided by the application
server, and does not need to be coded.
The form must contain two <INPUT> fields, named j_username
and j_password respectively for the username and password.
Typically, the username field will be a TEXT input field, and
the password field will be a PASSWORD input field.
After this, you must tell your application server to password protect
your pages using the login page you have provided. The details will
vary from server to server, but a good implementation will provide you
hooks that you can use, for example, to match usernames and passwords against
a database. (E.g., in Blazix you can supply an implementation of
the interface desisoft.deploy.AuthCheck to check usernames and
passwords against a database or other sources.)
Exercise: Read your application server's documentation
and add login/password protection to some of your JSPs.
No comments:
Post a Comment