You want to design your own form to receive the user's name and password during BASIC authentication.
element in the deployment descriptor and give its element a value of
The servlet API offers an alternative to using plain-vanilla BASIC authentication: form-based authentication. This method allows you to design your own form for receiving the user's name and password, and to specify the informative page that the server sends to the client if the user's authentication fails. This gives you the ability to provide a much friendlier and more customized user interface for applications involving BASIC authentication.
The form-based method should still be combined with SSL and the HTTPS protocol so that the names and passwords are encrypted as they travel through the network.
shows the form-based setup for the web descriptor. It differs setup in one area: the element, which is emphasized in the following code sample.
Example 15-5. The web.xml elements designed for form-based authentication
<!-- Beginning of web.xml deployment descriptor -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>JSP database component</web-resource-name>
        <url-pattern>/sqlJsp.jsp</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>dbadmin</role-name>
        ...
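The following audit script is an added example, not code from the original text. It checks a web.xml for the two points made above: a complete form-based login configuration, and a transport guarantee that keeps the login on HTTPS. The element names (login-config, auth-method, form-login-config, user-data-constraint, transport-guarantee) come from the servlet deployment descriptor; the sample descriptors and the page names /login.html and /loginError.jsp are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _text(parent, path):
    node = parent.find(path)
    return (node.text or "").strip() if node is not None else ""

def audit_web_xml(xml_text):
    """Return findings for a form-based authentication setup in web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop the default namespace real descriptors declare
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    method = _text(root, "login-config/auth-method")
    if method != "FORM":
        findings.append(f"auth-method is {method or 'missing'}, not FORM")
    else:
        for page in ("form-login-page", "form-error-page"):
            if not _text(root, f"login-config/form-login-config/{page}").startswith("/"):
                findings.append(f"{page} missing or not context-relative")
    for sc in root.findall("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # constraint does not demand a login
        name = _text(sc, "web-resource-collection/web-resource-name")
        if _text(sc, "user-data-constraint/transport-guarantee") != "CONFIDENTIAL":
            findings.append(f"'{name}': no CONFIDENTIAL transport-guarantee")
    return findings

# Constructed descriptors; /login.html and /loginError.jsp are made-up page names.
WEAK = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JSP database component</web-resource-name>
      <url-pattern>/sqlJsp.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>dbadmin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config><form-login-page>/login.html</form-login-page></form-login-config>
  </login-config>
</web-app>"""
HARDENED = WEAK.replace("</auth-constraint>", "</auth-constraint><user-data-constraint>"
    "<transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>"
).replace("</form-login-page>",
    "</form-login-page><form-error-page>/loginError.jsp</form-error-page>")
```

Calling audit_web_xml(WEAK) reports the missing error page and the missing transport guarantee; audit_web_xml(HARDENED) returns an empty list.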