Custom Authenticator with FormLogin and UserInRole

From Resin 3.0

Revision as of 10:36, 21 October 2011 by Pcowan (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Contents

WEB-INF/resin-web.xml

  <web-app xmlns="http://caucho.com/ns/resin"
        xmlns:resin="urn:java:com.caucho.resin"
        xmlns:qa="urn:java:qa">

   <qa:TestAuthenticator/>

   <resin:FormLogin form-login-page="/login.jsp"
                    form-error-page="/error.jsp"/>

   <resin:Allow url-pattern="/admin/*">
     <resin:IfUserInRole role="admin"/>
   </resin:Allow>
 </web-app>

test.MyAuthenticator

package qa;

import java.security.*;

import com.caucho.security.*;

public class TestAuthenticator extends AbstractAuthenticator {
  @Override
  public Principal authenticate(Principal principal, char []password)
  {
    if (principal.getName().equals("harry")
        && "quidditch".equals(new String(password))) {
      return new MyPrincipal("harry");
    }
    else {
      return null;
    }
  }

  @Override
  public boolean isUserInRole(Principal user, String role)
  {
    return "admin".equals(role)
           && user != null && user.getName().equals("harry");
  }
}

login.jsp

<html>
<form url='j_security_check'>
User: <input type='text' name='j_username'><br>
Password: <input type='password' name='j_password'><br>
<input type='submit'>
</form>
</html>

error.jsp

 <html>
 <h1>failed login</h1>
User: <input type='text' name='j_username'><br>
Password: <input type='password' name='j_password'><br>
<input type='submit'>
</form>
</html>
Personal tools