Home/ Questions/Q 8308921
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T18:57:02+00:00

I want to implement form based authentication in struts2. My directory structure is :

  • 0

I want to implement form based authentication in struts2.

My directory structure is :

enter image description here

My web.xml:

<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/protected/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>


    <!-- Default login configuration uses form-based authentication -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Example Form-Based Authentication Area</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description> An administrator </description>
        <role-name>
            manager
        </role-name>
    </security-role>

    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>

my login.jsp :

<form method="POST" action="j_security_check" >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>

action in struts :

<action name= "j_security_check" class="action.LoginAction" >
            <result name="success" >protected/index.jsp</result>
            <result name="error" > error.jsp </result>
            <result name="input" > login.jsp</result>
        </action>

my LoginAction.java

    public class LoginAction extends ActionSupport {

        String j_username, j_password;

        public String getJ_password() {
            return j_password;
        }

        public void setJ_password(String j_password) {
            this.j_password = j_password;
        }

        public String getJ_username() {
            return j_username;
        }

        public void setJ_username(String j_username) {
            this.j_username = j_username;
        }

        @Override
        public String execute() throws Exception {
            if (getJ_username().equals(getJ_password())) {
                return SUCCESS;
            } else {
                this.addActionError("Error..!");
                return ERROR;
            }
        }
@Override
    public void validate() {
        if ((getJ_username() == null) || (getJ_username().length() == 0)) {
            this.addActionError("Username Empty");
        }
        if ((getJ_password() == null) || (getJ_password().length() == 0)) {
            this.addActionError("Password Empty");
        }
    }

With this i am When i insert same loginid and password, yet i redirected to the error page..

Can someone give a good link for the same..?

The example should contain a protected folder, an action class for login..

thanks..

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You will have to provide username and password combination that corresponds to a user who has already been created in the file realm of the GlassFish Server and has been assigned to the group of manager.

    Here is a link on how to create a File realm.

    Here is a link on how to create a jdbc security realm.

    Here is a working example. You can check if it matches with your code.

    Here is a link to better understand form-based authentication.

    Hope this helps. 🙂

    EDIT:

    The idea behind form based authentication is that you write a JSP or Servlet that presents a form with the following fields and action:

    <form action="j_security_check" method="post">
    <input type="text" name="j_username"/>
    <input type="password" name="j_password"/>
    <input type="submit"/>
</form>

    When the form is submitted, the servlet container checks the credentials for you using the mechanism you’ve defined (e.g. JAAS). In your web.xml, you set the following:

    <login-config>
    <form-login-check>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-check>
</login-config>

    This allows the container to locate the JSP or Servlet containing your form, or your error handling code.

    • 0