How do I use Form authentication with Tomcat?
Author: Deron Eriksson
Description: This tutorial describes the use of Form authentication with Tomcat.
Tutorial created using: Windows XP || JDK 1.5.0_09 || Eclipse Web Tools Platform 1.5.1 || Tomcat 5.5.20
(Continued from page 1)
Let's start our demo project in Eclipse and try hitting our test servlet. Since our certificate is self-signed, we get a warning message from IE7 before the browser gets redirected to the SSL port. I clicked 'Continue to this website...'
We are greeted by our login.html file. Notice that we have been redirected to the secure port, 4321, and that the protocol is HTTPS. To test out the login-failed.html page, I'll enter an invalid username.
If authentication fails, we're greeted by the login-failed.html page.
Let's try again to hit our test servlet, and this time, let's enter a valid username and password for a user that has the correct role.
This time, authentication passes and we are able to hit the test servlet, which displays the request headers that the servlet read from the client request. If you look carefully, you'll notice that the 'authentication' header that was present for Basic authentication is gone.
If we refresh the page, you'll notice that a 'cookie' header value is present, and it contains a JSESSIONID value, indicating that Form-based authentication uses sessions for its authentication mechanism.
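The same header observations can be checked from captured traffic. This Python sketch is an added example, not part of the original tutorial. It tells apart a request that carries Basic credentials (sent in the `Authorization` request header) from one that carries a JSESSIONID session cookie, confirms the redirect went to HTTPS on port 4321, and lists the protective attributes missing from the session cookie. The function names, header values and the `/demo/test` path are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data (not captured from the tutorial's server).
REDIRECT_LOCATION = "https://localhost:4321/demo/test"
BASIC_REQUEST = {"Host": "localhost:4321", "Authorization": "Basic dXNlcjpwYXNz"}
FORM_REQUEST = {"Host": "localhost:4321",
                "Cookie": "JSESSIONID=0123456789ABCDEF0123456789ABCDEF"}
SET_COOKIE = "JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/demo; Secure"


def auth_mechanism(request_headers):
    """Classify how a request carries its credential, from its headers."""
    headers = {k.lower(): v for k, v in request_headers.items()}
    if headers.get("authorization", "").lower().startswith("basic "):
        return "basic"    # credentials are resent with every request
    if "JSESSIONID" in SimpleCookie(headers.get("cookie", "")):
        return "session"  # the session id now stands in for the login
    return "none"


def cookie_findings(set_cookie_value, name="JSESSIONID"):
    """Return the protective attributes missing from the session cookie."""
    cookies = SimpleCookie(set_cookie_value)
    if name not in cookies:
        return [name + " not set"]
    morsel = cookies[name]
    # Flag attributes parse to True when present and "" when absent.
    return [attr for attr in ("secure", "httponly") if not morsel[attr]]


def redirect_is_tls(location, expected_port):
    """True if the redirect target uses HTTPS on the expected port."""
    parts = urlsplit(location)
    return parts.scheme == "https" and parts.port == expected_port


if __name__ == "__main__":
    print("redirected to TLS port:", redirect_is_tls(REDIRECT_LOCATION, 4321))
    print("basic request:", auth_mechanism(BASIC_REQUEST))
    print("form request:", auth_mechanism(FORM_REQUEST))
    print("cookie attributes missing:", cookie_findings(SET_COOKIE))
```

Because the session cookie is what authenticates every request after login, a finding of `secure` here would mean the browser may send it over plain HTTP, and `httponly` means page scripts can read it.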
(Continued on page 3)