Home/ Questions/Q 8139531
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T11:51:19+00:00

Hi I am using basic authentication method for protecting some pages in my Webapp.

  • 0

Hi I am using basic authentication method for protecting some pages in my Webapp. Which have a specified url pattern as follows:

<url-pattern>/Important/*</url-pattern>
<auth-method>BASIC</auth-method>

Now the problem is if the user logs in the normal way using a login form .The data is posted to my servlet which validates the username and password and then proceeds further. Is there a way that i could setRemoteUser in this servlet , because the authentication input appears again once the user tries to access pages in the Important folder. Is there a way that I could inform the authentication mechanism that the user has already signed in ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is not possible. If you have actually a HTML <form> for login, then you should change the authentication method from BASIC to FORM.

    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>

    You also need to make sure that your HTML <form> submits to the predefinied URL j_security_check with the username and password as predefinied parameters j_username and j_password.

    <form action="j_security_check" method="post">
    <input type="text" name="j_username" />
    <input type="password" name="j_password" />
    <input type="submit" value="login" />
</form>

    This way the container will set the login the way you need and the username will be available by getRemoteUser(). Also, any unauthenticated user who accesses the restricted URL directly will automatically be forwarded to the login page. On successful login, it will automatically be forwarded back to the initially requested page.

    Also, when using FORM authentication method on a Servlet 3.0 compatible container (Tomcat 7, Glassfish 3, etc), you will be able to programmatically login the user by the Servlet 3.0 introduced HttpServletRequest#login() method in the servlet. This allows more finer grained control over the process and validation. This isn’t possible with BASIC authentication.

    The BASIC authentication is a completely different thing. It shows a bare JavaScript look-a-like dialog with username/password inputs. This doesn’t require/use a HTML <form> or something. It also stores the authentication information in the client side which get sent as a request header on every single subsequent request. It doesn’t store the authentication information in the server side session like as FORM authentication.

    See also:

    • 0