Hi,

Jay SenSharma

Here is a simple demonstration of using form-based authentication to protect some resources that are part of our application. Suppose the application contains a folder with a name such as “protected”, and everything in that directory must be accessible only to authenticated users. In that case we can follow the sample below.

Step1). Start WebLogic Server and create a user named “testuser” with the password “testpassword” in the security realm of the server.
Home –> Security Realms –> myrealm –> Users and Groups (tab) –> Users (sub-tab)

The username can be “testuser”, but that user must belong to the “admin” group. So in the Admin console first create a group named “admin” and then add “testuser” to it.

This demo can be found at:
https://github.com/jaysensharma/MiddlewareMagicDemos/tree/master/WebLogic/Security/FormBasedAuthDemo.war

Step2). We are going to develop a simple web application with security constraints. So first of all create a directory somewhere in your file system.
Example: C:\FormBasedApp

Step3). Now provide a “welcome.jsp” page inside “C:\FormBasedApp”

<html>
<body>
<center>
<h1> Welcome Page </h1>
<h3><font color=maroon><a href="protected/protected.jsp">Access Protected Resource</a></font></h3>
</center>
</body>
</html>

Step4). Provide a “login.jsp” page inside “C:\FormBasedApp” like the following:

<html>
  <head>
    <title>FormBased Authentication Demo in WebLogic Sample</title>
  </head>
<body bgcolor=maroon text=white>
  <center>
  <h2>Please Enter Your UserName &amp; Password (FormBased Auth Example)</h2>
    <!-- POST keeps j_username and j_password out of the URL, access logs and browser history -->
    <form method="POST" action="j_security_check">
       <table border=5%> 
        <tr>
         <td>Username:</td>
         <td><input type="text" name="j_username"></td>
        </tr>

        <tr>
         <td>Password:</td>
         <td><input type="password" name="j_password"></td>
        </tr>

        <tr>
         <td colspan=2 align=right><input type=submit value="Submit"></td>
        </tr>
      </table>
    </form>
</center>
</body>
</html>

Step5). Provide the “failedlogin.html” page inside “C:\FormBasedApp” like the following:

<html>
  <body>
    <center>
      <h1><font color=red>SORRY!!!</font> U are Not Authorized To Access The Resources.
      <BR>Please Login With valid Credentials.</h1>
    </center>
  </body>
</html>

Step6). Create a directory “protected” inside “C:\FormBasedApp” and then develop a secure JSP page inside “C:\FormBasedApp\protected” with a name like “protected.jsp” as follows:

<html>
  <head></head>
  <body>
   <center>
     <h1> Protected Page </h1>
     <b><font color=maroon>Congrates!!! Your Login Is Successful...U are able to access the Secure Page.</font></b><BR>
        __________________________***_________________________
   </center>
  </body>
</html>

Step7). Create a “WEB-INF” directory inside “C:\FormBasedApp” and then provide the “web.xml” file inside “C:\FormBasedApp\WEB-INF” as follows:

<?xml version="1.0"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

	<welcome-file-list>
		<welcome-file>welcome.jsp</welcome-file>
	</welcome-file-list>

	<security-constraint>
		<display-name>Constraint-0</display-name>
		<web-resource-collection>
			<web-resource-name>Constraint-0</web-resource-name>
			<url-pattern>/protected/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
		</auth-constraint>
		<user-data-constraint>
			<!-- NONE: the container does not require HTTPS for /protected/*; CONFIDENTIAL requires SSL -->
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>myrealm</realm-name>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/failedlogin.html</form-error-page>
		</form-login-config>
	</login-config>

	<security-role>
		<role-name>admin</role-name>
	</security-role>
</web-app>

Step8). Now provide the “weblogic.xml” file inside “C:\FormBasedApp\WEB-INF” as follows:

<?xml version='1.0' encoding='UTF-8'?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <security-role-assignment>
     <role-name>admin</role-name>
     <principal-name>testuser</principal-name>
   </security-role-assignment>
</weblogic-web-app>

Step9). Deploy the “C:\FormBasedApp” application on the server, then hit the URL http://localhost:7001/FormBasedApp/

NOTE: Please do not try this sample in “Internet Explorer 7”; it is better to test this application in Firefox. If you enter a wrong username and password, IE7 displays a 403 error page rather than “failedlogin.html”, while the same program works fine in Firefox. It looks like an issue with IE7.

If you want to work in IE7 only, open the IE7 browser and do the following:

Tools –> Internet Options –> Advanced (tab). On this page, uncheck the “Show Friendly HTTP Error Messages” checkbox.
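
A pre-deployment consistency check for the two descriptors from Step7 and Step8, as an added example that is not part of the original post or the author's demo repository. The function name `check_form_auth`, the finding strings and the sample descriptors are constructed for illustration; the sample's error page deliberately points at a file that is not packaged.

```python
import xml.etree.ElementTree as ET
JEE = "{http://java.sun.com/xml/ns/javaee}"   # web.xml namespace (web-app 2.5)
WLS = "{http://www.bea.com/ns/weblogic/90}"   # weblogic.xml namespace

def check_form_auth(web_xml, weblogic_xml, files):
    """Return findings for a FORM-auth app; files = paths relative to the app root."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    findings = []
    # Pages named in <form-login-config> must actually be packaged in the app.
    for tag in ("form-login-page", "form-error-page"):
        page = web.findtext(f"{JEE}login-config/{JEE}form-login-config/{JEE}{tag}", "")
        if page.strip().lstrip("/") not in files:
            findings.append(f"{tag} not found in app: {page.strip()}")
    declared = {r.text.strip() for r in web.findall(f"{JEE}security-role/{JEE}role-name")}
    mapped = {r.text.strip() for r in wls.findall(f"{WLS}security-role-assignment/{WLS}role-name")}
    for sc in web.findall(f"{JEE}security-constraint"):
        for role in sc.findall(f"{JEE}auth-constraint/{JEE}role-name"):
            name = role.text.strip()
            if name not in declared:
                findings.append(f"role {name} has no <security-role> declaration")
            if name not in mapped:
                findings.append(f"role {name} has no security-role-assignment")
        # NONE means the container does not require HTTPS for the protected URLs.
        tg = sc.findtext(f"{JEE}user-data-constraint/{JEE}transport-guarantee", "NONE")
        if tg.strip() == "NONE":
            findings.append("transport-guarantee is NONE: HTTPS not required for protected URLs")
    return findings

# Constructed sample: the error page deliberately names a file that is not packaged.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><web-resource-name>c0</web-resource-name>
      <url-pattern>/protected/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method>
    <form-login-config><form-login-page>/login.jsp</form-login-page>
      <form-error-page>/failedlogin.jsp</form-error-page></form-login-config></login-config>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""
SAMPLE_WEBLOGIC_XML = """<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
  <security-role-assignment><role-name>admin</role-name>
    <principal-name>testuser</principal-name></security-role-assignment>
</weblogic-web-app>"""
SAMPLE_FILES = {"welcome.jsp", "login.jsp", "failedlogin.html", "protected/protected.jsp"}

if __name__ == "__main__":
    print("\n".join(check_form_auth(SAMPLE_WEB_XML, SAMPLE_WEBLOGIC_XML, SAMPLE_FILES)))
```

Run against the sample, it reports the missing error page and the NONE transport guarantee; the role checks pass because “admin” is both declared and assigned.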

Thanks
Jay SenSharma
