In this section, you will learn how to specify an authentication mechanism in the deployment descriptor.
In a multitier enterprise application, several containers are needed to deploy the various components of the enterprise tiers. These containers also provide security to these components. Two types of security are provided by the container:
In declarative security, we can define the security requirements of the application's components in the deployment descriptor (web.xml).
The <login-config> element is used to define the authentication mechanism. The sub-elements of this element are given below:
You can declare all the roles used in the application using the <security-role> element of the deployment descriptor, whereas the <auth-constraint> element specifies which of these roles are authorized to access the protected resources.
You can declare form-based authentication and security roles in your deployment descriptor as follows:
<web-app>
  <!-- Protect everything under /auth/ -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User Auth</web-resource-name>
      <url-pattern>/auth/*</url-pattern>
    </web-resource-collection>
    <!-- Only these roles may access the protected resources -->
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- Form-based authentication; page paths start with "/" and are relative to the context root -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>User Auth</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <!-- Every role referenced in an auth-constraint is declared here -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>manager</role-name>
  </security-role>
</web-app>