Question

Using form-based JAAS, MySQL, Apache TomEE, JSP, Servlets

I know how to configure form-based JAAS to automatically redirect users to the login page when they try to access a secured page. Basically, I have configured a JDBC Realm for TomEE and MySQL (in the server.xml file), and in web.xml I have declared <security-constraint>s, <security-role>s and <login-config>.

Then, there is the following login form:

<form id="loginForm" action="j_security_check" method="post">
    <h3>Login:</h3>
    <p>
        <!-- label "for" must match the input id -->
        <label for="username">Username</label>
        <input name="j_username" id="username" type="text" required/>
        <!-- required -->
    </p>
    <p>
        <label for="password">Password</label>
        <!-- type="password" so the value is masked while typing -->
        <input name="j_password" id="password" type="password" required/>
        <!-- required -->
    </p>

    <p>
        <input type="submit" value="Submit" />
    </p>
</form>

And, this works fine for pages that are declared inside <security-constraint> tags, in web.xml.

But I would like to have explicit access to a page where the user can log in. So, how should I approach implementing this login system? I would like to use the login page I am using with declarative form-based JAAS.

I was thinking about declaring some JSP or servlet in web.xml as secured. Then, somewhere on the site, there will be a link that has the URL of that secured JSP/servlet. So, when the user clicks on the link, he will be automatically redirected to the login page (the usual behavior in declarative form-based JAAS). Then, after a successful login, the user will be redirected to the secured JSP/servlet.

Now, how can I make this secured JSP/servlet redirect to, let's say, the /home servlet? The problem is that in this situation an HTTP GET/POST request is not called, so implementing the servlet doGet/doPost methods doesn't help.


Solution 2

I didn't clearly understand how form-based security works at the time of writing this question. I was thinking of using this login form "explicitly": just go to this page, enter login details and press the Submit button. But, as I understood, that can't be done when using form-based security.

So, I have implemented it like this: when a user wants to log in, the user clicks on a login link somewhere on the page, which is a link to a secured user account details JSP page.

OTHER TIPS

Now, how can I make this secured JSP/servlet redirect to, let's say, the /home servlet? The problem is that in this situation an HTTP GET/POST request is not called, so implementing the servlet doGet/doPost methods doesn't help.

Instead of a redirect to /home, do a redirect to /homeredir. Then /homeredir does a 302-redirect to /home. (Or instead of a 302, does it via a JavaScript location.replace().)
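
A sketch of the /homeredir approach from the answer above, as an added example that is not code from the original posts. It assumes the javax.servlet API (Servlet 3.0 or later) and the existing <login-config> in web.xml; the role name "user", the "next" parameter and the allow-listed paths are hypothetical.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// The "Login" link on the site points at /homeredir. Because the servlet is
// protected, the container shows the j_security_check form first and only
// dispatches the request here after a successful login.
@WebServlet("/homeredir")
@ServletSecurity(@HttpConstraint(rolesAllowed = "user")) // hypothetical role name
public class HomeRedirServlet extends HttpServlet {

    private static final String DEFAULT_TARGET = "/home";

    // Fixed set of context-relative landing pages (hypothetical paths). A
    // caller-supplied target is never used directly, so the login link cannot
    // be turned into a redirect to an arbitrary external site.
    private static final Set<String> ALLOWED_TARGETS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("/home", "/account")));

    static String resolveTarget(String requested) {
        return (requested != null && ALLOWED_TARGETS.contains(requested))
                ? requested
                : DEFAULT_TARGET;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Optional "next" parameter (assumption), checked against the allow-list.
        String target = resolveTarget(req.getParameter("next"));
        // sendRedirect issues the 302 the answer describes.
        resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + target));
    }
}
```

If web.xml sets metadata-complete="true", the annotations are ignored; in that case map the servlet in web.xml and add a <security-constraint> for /homeredir alongside the existing ones.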

Licensed under: CC-BY-SA with attribution