Name
<login-config>
Synopsis
For an
application
that uses the <security-constraint> element
to protect resources, you must also define how to authenticate users
with a <login-config> element. It can
contain three subelements: <auth-method>,
<realm-name>, and
<form-login-config>:
<login-config> <auth-method>BASIC</auth-method> <realm-name>Protected pages</realm-name> </login-config>
The <auth-method> element can have one of
the values BASIC, DIGEST,
FORM. and CLIENT-CERT,
corresponding to the four container-provided authentication methods
described in Chapter 12. The
<realm-name> element can specify the name
shown by the browser when it prompts for a password when
BASIC and DIGEST authentication
is used.
If FORM authentication is used, the
<form-login-config> element defines the
login page and an error pages (used for invalid login attempts):
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Protected pages</realm-name>
<form-login-config>
<form-login-page>/login/login.html</form-login-page>
<form-error-page>/login/error.html</form-error-page>
</form-login-config>
</login-config>For more about the FORM authentication method, see
Chapter 12.
Get JavaServer Pages, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
