Simple webapp with FORM authentication and SSL

This post is similar to "Simple webapp with BASIC authentication", except that this one uses form-based authentication and SSL. The required steps are as follows:

(1) configure roles and other security aspects in web.xml;

(2) administratively create the users in the application server;

(3) map the roles declared in step 1 to the users created in step 2, with an appserver-specific descriptor;

(4) create a login form for entering the username and password, and an error page to display after a failed login.

This test webapp contains the servlet class, web.xml, sun-web.xml, login.html, and error.html:


package test;

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Authentication and SSL are enforced declaratively by the container (web.xml),
// so the servlet itself contains no security code.
public class TestServlet extends HttpServlet {
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.println("Hello from " + getServletName());
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }
}

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"



<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">

<html>
<head><title>Login Form</title></head>
<body>
<!-- j_security_check, j_username and j_password are the names the servlet container expects for FORM login -->
<form method="POST" action="j_security_check">
<p>username: <input type="text" name="j_username"></p>
<p>password: <input type="password" name="j_password"></p>
<input type="submit" value="Submit">
<input type="reset" value="Reset">
</form>
</body>
</html>

<html>
<head><title>Invalid user name or password</title></head>
<body>
<a href="login.html">Login again</a>
</body>
</html>

To create the user in GlassFish (this is the user name and password that will be entered when running the webapp):
$ $GLASSFISH_HOME/bin/asadmin create-file-user --groups user joe
Compile TestServlet class and jar up *.class, *.html and *.xml into a test.war:
Copy it to the $GLASSFISH_HOME/domains/domain1/autodeploy directory to deploy it. To run it, go to the URL https://localhost:8181/test/TestServlet. After entering the username and password, the following response is displayed:
Hello from TestServlet
If the wrong user name or password is entered, error.html is displayed with a link to login.html for a retry. 8181 is the default SSL port in GlassFish. If you use the non-secure port number 8080 in the test URL, GlassFish will automatically redirect to 8181. The browser may display a warning, since a self-signed certificate (as opposed to one issued by a certificate authority) is used to identify the GlassFish server.


Tony said...

Can you specify how to do point (2), please?
Thank you very much

javahowto said...

$GLASSFISH_HOME/bin/asadmin create-file-user

In Tomcat, a bunch of users are already created, see conf/tomcat-users.xml
