Form-based security sample is now working

Author: arun-gupta

servlet/form-based-security/src/main/java/org/javaee7/servlet/form/based/security/SecureServlet.java

@@ -45,23 +45,28 @@
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
          version="3.1">
-    <deny-uncovered-http-methods/>
+    <!--<deny-uncovered-http-methods/>-->
+    <servlet>
+        <display-name>index</display-name>
+        <servlet-name>index</servlet-name>
+        <jsp-file>/index.jsp</jsp-file>
+    </servlet>
     <security-constraint>
         <web-resource-collection>
             <web-resource-name>SecurityConstraint</web-resource-name>
             <url-pattern>/*</url-pattern>
-            <!--<http-method>GET</http-method>-->
         </web-resource-collection>
         <auth-constraint>
             <role-name>g1</role-name>
         </auth-constraint>
         <user-data-constraint>
-            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+            <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
     </security-constraint>
 
     <login-config>
         <auth-method>FORM</auth-method>
+        <realm-name>file</realm-name>
         <form-login-config>
             <form-login-page>/loginform.jsp</form-login-page>
             <form-error-page>/loginerror.jsp</form-error-page>

servlet/form-based-security/src/main/webapp/WEB-INF/web.xml

@@ -47,18 +47,11 @@
 <html>
     <head>
         <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-        <title>Servlet Form-Based Security</title>
+        <title>Servlet Form-Based Security - Success</title>
     </head>
     <body>
-        <h1>Servlet Form-Based Security</h1>
-
-        <form method="POST" action="j_security_check">
-            <input type="text" name="j_username">
-            <input type="password" name="j_password" autocomplete="off">
-            <input type="button" value="submit">
-        </form>
-
-        <p>Make sure to invoke "./bin/asadmin create-file-user --groups g1 u1" and use the password "p1" when prompted.
-            Then call the <a href="${pageContext.request.contextPath}/SecureServlet">GET</a> method.<br/>
+        <h1>Servlet Form-Based Security- Success</h1>
+        
+        If you reached this page that means form-based security credentials are correctly configured.
     </body>
 </html>

servlet/form-based-security/src/main/webapp/index.jsp

@@ -55,9 +55,12 @@
         <h2>Invalid user name or password.</h2>
 
         <p>Please enter a user name or password that is authorized to access this 
-            application. For this application, make sure to invoke: <p><p>
-            "./bin/asadmin create-file-user --groups g1 u1" and use the password "p1" when prompted.<p><p>
-            Click here to <a href="/index.jsp">Try Again</a></p>
+            application. For this application, make sure to create a user: <p><p>
+        
+        For WildFly: Invoke "./bin/add-user.sh -a -u u1 -p p1 -g g1"<br>
+        For GlassFish: Invoke "./bin/asadmin create-file-user --groups g1 u1" and use the password "p1" when prompted.<br><br>
+
+        Click here to <a href="index.jsp">Try Again</a></p>
 
     </body>
 </html>

servlet/form-based-security/src/main/webapp/loginerror.jsp

@@ -53,12 +53,11 @@
         <h1>Form-Based Login Page</h1>
 
         <form method="POST" action="j_security_check">
-            <input type="text" name="j_username">
-            <input type="password" name="j_password" autocomplete="off">
-            <input type="button" value="submit">
+            Username: <input type="text" name="j_username"> <p/>
+            Password: <input type="password" name="j_password" autocomplete="off"> <p/>
+            <input type="submit" value="Submit">
+            <input type="reset" value="Reset">
         </form>
 
-        <p>Make sure to invoke "./bin/asadmin create-file-user --groups g1 u1" and use the password "p1" when prompted.
-            Then call the <a href="${pageContext.request.contextPath}/SecureServlet">GET</a> method.<br/>
     </body>
 </html>