How do I use Form authentication with Tomcat?
Author: Deron Eriksson
Description: This tutorial describes the use of Form authentication with Tomcat.
Tutorial created using: Windows XP || JDK 1.5.0_09 || Eclipse Web Tools Platform 1.5.1 || Tomcat 5.5.20

(Continued from page 1)

Let's start our demo project in Eclipse and try hitting our test servlet. Since our certificate is self-signed, we get a warning message from IE7 before the browser gets redirected to the SSL port. I clicked 'Continue to this website...'

Security certificate warning

We are greeted by our login.html file. Notice that we have been redirected to the secure port, 4321, and that the protocol is HTTPS. To test out the login-failed.html page, I'll enter an invalid username.

Logging in with incorrect credentials

If authentication fails, we're greeted by the login-failed.html page.

Login failed

Let's try again to hit our test servlet, and this time, let's enter a valid username and password for a user that has the correct role.

Logging in with correct credentials

This time, authentication passes and we are able to hit the test servlet, which displays the request headers that the servlet read from the client request. If you look carefully, you'll notice that the 'authentication' header that was present for Basic authentication is gone.

Hitting TestServlet

If we refresh the page, you'll notice that a 'cookie' header value is present, and it contains a JSESSIONID value, indicating that Form-based authentication uses sessions for its authentication mechanism.

'cookie' header present after refresh
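
The difference between the two sets of request headers observed above can be checked programmatically. The following is an added example, not code from the original tutorial: it inspects headers like those TestServlet displays and reports what authentication material each request carries. The header values, user name, password and session ID are constructed, `credential_material` is a hypothetical helper name, and Basic authentication is assumed to use the standard HTTP `Authorization` header.

```python
import base64


def credential_material(headers):
    """Describe the authentication material carried by one request's headers."""
    h = {name.lower(): value for name, value in headers.items()}

    # Basic authentication: base64("user:password") travels on every request.
    scheme, _, blob = h.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return {"mechanism": "basic", "malformed": True}
        user, sep, _password = decoded.partition(":")
        # Base64 is an encoding, not encryption: whoever can read the header
        # can recover the password, so it depends entirely on the HTTPS channel.
        return {"mechanism": "basic", "user": user, "password_recoverable": bool(sep)}

    # Form authentication: after login, only the session cookie identifies the
    # user. The session ID is the credential for as long as the session lives.
    for pair in h.get("cookie", "").split(";"):
        name, sep, value = pair.strip().partition("=")
        if name == "JSESSIONID" and sep and value:
            return {"mechanism": "session", "session_id": value}

    return {"mechanism": "none"}


# Constructed sample headers (not captured from the tutorial's server).
BASIC_REQUEST = {
    "host": "localhost:4321",
    "authorization": "Basic " + base64.b64encode(b"alice:example-pass").decode(),
}
FORM_FIRST_HIT = {"host": "localhost:4321", "accept": "*/*"}
FORM_REFRESH = {
    "host": "localhost:4321",
    "cookie": "theme=dark; JSESSIONID=0123456789ABCDEF0123456789ABCDEF",
}

if __name__ == "__main__":
    for label, req in [("basic", BASIC_REQUEST),
                       ("form, first hit", FORM_FIRST_HIT),
                       ("form, after refresh", FORM_REFRESH)]:
        print(label, "->", credential_material(req))
```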

(Continued on page 3)
