Name
<login-config>
Synopsis
The <login-config>
element
declares which authentication method
to use for protected resources. You must use only one element of this
type in a deployment descriptor.
Syntax
<login-config> [<auth-method>BASIC|DIGEST|FORM|CLIENT-CERT</auth-method>] [<realm-name>realmName
</realm-name>] [<form-login-config> <form-login-page>loginPagePath
</form-login-page> <form-error-page>errorPagePath
</form-error-page> </form-login-config>] </login-config>
For an application that uses the
<security-constraint>
element to protect
resources, you must also define how to authenticate users with a
<login-config>
element. It can contain three
subelements: <auth-method>
,
<realm-name>
, and
<form-login-config>
:
<login-config> <auth-method>BASIC</auth-method> <realm-name>Protected pages</realm-name> </login-config>
The <auth-method>
element can have one of
the values BASIC
, DIGEST
,
FORM
, and CLIENT-CERT
,
corresponding to the four container-provided authentication methods
described in
Chapter 5. The <realm-name>
element can specify the name shown by the browser when it prompts for
a password when the BASIC
authentication is used.
If FORM
authentication is used, the
<form-login-config>
element defines the
login page and an error pages (used for invalid login attempts):
<login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login/login.html</form-login-page> <form-error-page>/login/error.html</form-error-page> </form-login-config> </login-config>
For more about ...
Get JavaServer Faces now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.