All Examples  All Security Examples

Package Index

formauth Java Server Pages Example

about this example

This example shows how to use JSP to force authentication before an HTML page is displayed.

The example includes the following files:

form.jsp
This page displays the login form. When the user clicks the Login button, login data is POSTed to the page that called form.jsp or, if the user loaded form.jsp directly, to a designated page, securitytest.jsp as distributed. The page you designate must include authenticate.jsp so that it can process the POST data.

error.jsp
This page is the same as form.jsp, except that it displays an "authentication failure" message above the login form. It is displayed if authenticate.jsp executes before a user has been authenticated in the WebLogic realm.

authenticate.jsp
This JSP code can be included at the top of any HTML page to force authentication before the page is viewed. The JSP code instantiates the weblogic.servlet.security.ServletAuthentication class and performs an authentication call into the WebLogic realm. If the authentication call succeeds, the remainder of the page is displayed. If the authentication call fails, an error page is displayed instead.

securitytest.jsp
This is a simple page that displays "Success!" in the web browser after the user is successfully authenticated. It sets the name of the login form and the name of the error page, then includes authenticate.jsp at the top of the file, before the <HTML> tag, and authdone.jsp at the bottom of the file, after the </HTML> tag. The web page is coded in standard HTML between the JSP include statements.

authdone.jsp
This JSP file can be included at the end of a page that is loaded after the authenticate.jsp page has executed. It removes the authenticated user's InitialContext from the session. The session then loses the ability to use the authenticated user.

how to use this package

  1. Set up the necessary properties in your weblogic.properties file, including registering the JSP servlet, setting its initArgs, and setting up a document root. Here is an example registration. There is a similar one commented out in the installed properties file. Be sure to edit the paths to match your installation. 
    weblogic.httpd.register.*.jsp=\
    weblogic.servlet.JSPServlet

weblogic.httpd.initArgs.*.jsp=\
    pageCheckSeconds=60,\
    packagePrefix=examples.jsp,\
    compileCommand=/java/bin/javac.exe,\
    workingDir=/weblogic/myserver/temp,\
    verbose=true

weblogic.httpd.documentRoot=public_html/

    See Setting up WebLogic JSP to find out more about the JSP Servlet arguments.

    Also add a user to the weblogic.properties file, if you haven't already. For example, 

    weblogic.password.joeuser=joespass

  2. Copy all of the .jsp files in this directory to your JSP directory in your registered document root, for example myserver/public_html/jsp.

  3. Start the WebLogic Server in your server shell.

  4. Load the form.jsp page using a URL such as: 
      http://localhost:7001/jsp/form.jsp
  5. Enter your username and password in the dialog box and click the Login button.

there's more

Read more about JSP in the Developers Guide, Using WebLogic JSP.

Read more about WebLogic Security and authentication in the Developers Guide, Using WebLogic Realms and ACLs.

Other Developers Guides that may be of interest for the examples in this directory are:

Copyright © 1999-2000 BEA Systems, Inc. All rights reserved.

Last updated 7/18/1999