Sun Java System Web Server 7.0 Developer's Guide to Java Web Applications

Form-Based Login

The login screen's look and feel cannot be controlled with the HTTP browsers built-in mechanisms. Java EE can to package a standard HTML or servlet JSP based form for logging in. The login form is associated with a web protection domain and is used to authenticate previously unauthenticated users.

Because passwords are sent unless protected by the underlying transport, this authentication type is not very secure. Use of SSL or another equivalent transport encryption to protect the password during transmission.

For the authentication to proceed appropriately, the login form action must always be j_security_check. For more information, see Chapter 4, Developing Servlets.

The following HTML sample shows how to program the form in an HTML page:

<form method="POST" action="j_security_check">
        <input type="text" name="j_username">
         <input type="password" name="j_password">


You can specify the parameter encoding for the form. For details, see parameter-encoding Element.