Custom Authenticator with FormLogin and UserInRole

From Resin 3.0

(Difference between revisions)
Jump to: navigation, search
Line 59: Line 59:
  
 
   <html>
 
   <html>
   <h1>failed login</h1>
+
   &lt;h1>failed login&lt;/h1>
 
  User: <input type='text' name='j_username'><br>
 
  User: <input type='text' name='j_username'><br>
 
  Password: <input type='password' name='j_password'><br>
 
  Password: <input type='password' name='j_password'><br>

Revision as of 19:34, 15 November 2010


WEB-INF/resin-web.xml

  <web-app xmlns="http://caucho.com/ns/resin"
        xmlns:resin="urn:java:com.caucho.resin"
        xmlns:qa="urn:java:qa">

   <qa:TestAuthenticator/>

   <resin:FormLogin form-login-page="/login.jsp"
                    form-error-page="/error.jsp"/>

   <resin:Allow url-pattern="/admin/*">
     <resin:IfUserInRole role="admin"/>
   </resin:Allow>
 </web-app>

test.MyAuthenticator

package qa;

import java.security.*;

import com.caucho.security.*;

public class TestAuthenticator extends AbstractAuthenticator {
  @Override
  public Principal authenticate(Principal principal, char []password)
  {
    if (principal.getName().equals("harry")
        && "quidditch".equals(new String(password))) {
      return new MyPrincipal("harry");
    }
    else {
      return null;
    }
  }

  @Override
  public boolean isUserInRole(Principal user, String role)
  {
    return "admin".equals(role)
           && user != null && user.getName().equals("harry");
  }
}

login.html

<html>
<form url='j_security_check'>
User: <input type='text' name='j_username'>
Password: <input type='password' name='j_password'>
<input type='submit'> </form> </html>

=== error.html

 <html>
 <h1>failed login</h1>
User: <input type='text' name='j_username'>
Password: <input type='password' name='j_password'>
<input type='submit'> </form> </html>
Personal tools