http://www.informit.com/articles/article.aspx?p=24253&seqNum=5
These type of posts show you the basics and work well but what you will end up with is a login page where users attempt to log in, and an error page where users are redirected if there is an error. This is really annoying for users, since if they mistype their username or password they are redirected to a page where they then have to follow a link back to the login page.
If you just want to use the out-of-the-box security for example provided by Tomcat, you will have to have two separate jsps, but there is no reason why the error jsp can't simply forward to the login page:
login-invalid.jsp:
<jsp:forward page="login.jsp"><jsp:param value="true" name="invalid"/></jsp:forward>
login.jsp:
<c:if test="${param.invalid}">
<div>
Sorry, that login was not recognised, please log in again.
</div>
</c:if>
<h3>Log in</h3>
<form method="post" action="${ctx}/j_security_check">
<div>
<label for="j_username">Email:</label>
<input type="text" name="j_username">
</div>
<div>
<label for="j_password">Password:</label>
<input type="password" name="j_password">
</div>
<div><input type="submit" value="Enter"/></div>
</form>
No comments:
Post a Comment