5.11.1 Implementation of tag library-based login session
When the integrated user management framework is used to perform user authentication, the process must be implemented that uses a servlet or JSP to invoke the login module at the time of login. The settings must be stored in the JAAS configuration file to use login modules. For details about the JAAS configuration file settings, see 14.2.1 jaas.conf (JAAS configuration file).
To use the JSP <ua:login/> tag for login, the com.cosminexus.admin.auth.name and com.cosminexus.admin.auth.password parameters must be set in the HTTP request object. First, prepare the following login form so that the parameters can be set up.
<html> <body> <form action="auth.jsp" method="post"> <table> <tr> <td>username</td> <td><input type="text" name="com.cosminexus.admin.auth.name" /></td> </tr> <tr> <td>password</td> <td><input type="password" name="com.cosminexus.admin.auth.password" /> </td> </tr> </table> <br /> <input type="submit" value="Login" /> <input type="reset" value="Reset" /> </form> </body> </html>
Next use the <ua:login/> tag and the authentication module specified in the "Portal" entry of the JAAS configuration file to log in.
<%@ taglib uri="http://cosminexus.com/admin/auth/uatags" prefix="ua" %> <%@ page errorPage="error.jsp" %> <ua:login id="lc" entry="Portal" /> ...
Due to the tag library specification, all exceptions that occurred during the tag process are regarded as JspException. To more minutely detect exceptions that occurred during the processing of the <ua:login/> tag, use the <ua:exception>Body </ua:exception> tag. In the following example, the exception is transferred to the exception detection JSP (loginError.jsp).
<%@ taglib uri="http://cosminexus.com/admin/auth/uatags" prefix="ua" %> <ua:login id="lc" entry="Portal" excepId="ex" excepScope="session" /> <ua:exception name="ex" ><jsp:forward page="loginError.jsp" /></ua:exception> ...
Based on the exception, the exception detection JSP (loginError.jsp) selects the message to be returned.
<%@ page contentType="text/html; charset=Shift_JIS" %> <%@ taglib uri="http://cosminexus.com/admin/auth/uatags" prefix="ua" %> <html> <body> <ua:exception name="ex" type="javax.security.auth.login.FailedLoginException"> The user ID or password is incorrect.<br /> </ua:exception> <ua:exception name="ex" type="javax.security.auth.login.AccountExpiredException"> The account has expired.<br /> </ua:exception> <ua:exception name="ex" type="javax.security.auth.login.CredentialExpiredException"> The password has expired.<br /> </ua:exception> <ua:exception name="ex" > An exception occurred.<br /> <%= ex.toString() %><br /> </ua:exception> </body> </html>
- Tip
-
By adding the <ua:notLogin>Body</ua:notLogin> tag at the top of each JSP page, you can check the login status before processing the JSP page.
<%@ page contentType="text/html; charset=Shift_JIS" %> <%@ taglib uri="http://cosminexus.com/admin/auth/uatags" prefix="ua" %> ... <ua:notLogin> <a href="login.html">Please log in.</a> </ua:notLogin> ...