2.5.2. Form Authentication
If you want to enable HTTP Form Authentication, configure the
AuthenticationFilter as follows:
<filter> <filter-name>AuthenticationFilter</filter-name> <filter-class>org.picketlink.authentication.web.AuthenticationFilter</filter-class> <!-- Configure HTTP FORM Authentication Scheme --> <init-param> <param-name>authType</param-name> <param-value>FORM</param-value> </init-param> <!-- The login page. --> <init-param> <param-name>form-login-page</param-name> <param-value>login.xhtml</param-value> </init-param> <!-- The error page. --> <init-param> <param-name>form-error-page</param-name> <param-value>error.xhtml</param-value> </init-param> </filter> <!-- Defines which URLs should be protected by this filter --> <filter-mapping> <filter-name>AuthenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
When using this authentication scheme, you should provide a login page as follows:
<form method="POST" action="j_security_check"> <input type="text" name="j_username"/> <input type="password" name="j_password"/> <input type="submit" name="login" value="Login"/> </form>
Table 2.3. Initialization Parameters
| Configuration | Description |
|---|---|
form-login-page
| Specifies the login page. |
form-error-page
| Specifies the error page. The client will be redirected to this page if the authentication fails. |