Security Configuration
WebLogic provides several ways to secure a web application:
You can declaratively configure web authentication for clients that access your web application. You can restrict access to resources in a web application by applying security constraints to a collection of web resources.
A servlet/JSP can programmatically check whether the client has sufficient privileges before executing a particular piece of code.
You can programmatically log in a user, bypassing the standard J2EE mechanisms.
Authentication
The
login-config element in the standard
web.xml deployment descriptor allows you to set
up authentication for a web application. You can specify the
authentication method using the auth-method
element. WebLogic supports the following authentication methods:
- HTTP basic authentication (
BASIC) Here the web server authenticates the client against the security realm using the supplied username and password combination.
- Form-based authentication (
FORM) Here the client authenticates using a custom HTML form, which resembles:
<form method="post" action="j_security_check"> <input type="text" name="j_username"> <input type="password" name="j_password"> </form>
If you choose form-based authentication, you must specify the locations for the login page that initially will be displayed, and the error page that will be used when the user fails to authenticate himself. Use the
form-login-pagesubelement to specify the login page, and theform-error-pagesubelement to specify ...
Get WebLogic: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
