Using form-based JAAS, MySQL, Apache TomEE, JSP, Servlets
I know how to configure form based JAAS to automatically redirects users to login page, when they try to access secured page. Basically, I have configured JDBC Realm for TomEE and MySQL (in server.xml
file), in web.xml
I have declared <security-constraint>s
, <security-role>s
and <login-config>
.
Then, there is following login form:
<form id="loginForm" action="j_security_check" method="post">
<h3>Login:</h3>
<p>
<label for="name">Username</label> <input name="j_username"
id="username" type="text" required/>
<!-- required -->
</p>
<p>
<label for="password">Password</label> <input name="j_password"
id="password" type="text" required/>
<!-- required -->
</p>
<p>
<input type="submit" value="Submit" />
</p>
</form>
And, this works fine for pages that are declared inside <security-constraint>
tags, in web.xml.
But, I would like to have explicit access to a page where user can log in. So, how should I approach to implementing this login system? I would like to use this login page I am using with declarative form-based JAAS.
I was thinking about to declare some jsp or servlet in web.xml as secured. Then, somewhere on the site, there will be a link that has URL of that secured jsp/servlet. So, when user clicks on the link he will be automatically redirected to login
page (usual behavior in declarative form based JAAS). Then, after successful login, user will be redirected to the secured jsp/servlet.
Now, how can I make this secured jsp/servlet redirects to, lets say /home
servlet? Problem is in this situation is not called HTTP get/post request, so implementing servlet doGet/doPost methods doesn't help.