|+ ${TOMCAT_HOME}
   |+ webapps
      |+ auth
         |+ WEB-INF
         |  |+ web.xml
         |+ jsp
            |+ index.jsp
            |+ login.jsp
            |+ error.jsp
<!--
  Demo realm entries: one role and one user that holds it
  (presumably placed inside the tomcat-users element of Tomcat's user file).
  The password is stored in clear text and is identical to the user name,
  which is acceptable only for a local walkthrough. For a real deployment
  pick a unique password and store it digested by configuring a
  CredentialHandler on the Realm.
-->
<role rolename="tomcat"/>
<user username="tomcat"
      password="tomcat"
      roles="tomcat"/>
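<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
  Deployment descriptor for the "auth" demo application.
  Everything under /jsp/* requires the "tomcat" role; unauthenticated
  requests are sent to a FORM login page.
-->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
         version="4.0"
         metadata-complete="true">

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected JSP pages</web-resource-name>
      <url-pattern>/jsp/*</url-pattern>
      <!--
        No <http-method> element on purpose. Listing only GET would leave
        every other method (POST, HEAD, PUT, ...) on /jsp/* outside the
        constraint and therefore reachable without authentication.
        Omitting the element applies the constraint to all HTTP methods.
      -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
    <!--
      NOTE(review): there is no <user-data-constraint>, so the login POST
      and the session cookie may travel over plain HTTP. Once an HTTPS
      connector is configured, add a transport-guarantee of CONFIDENTIAL.
    -->
  </security-constraint>

  <!-- Every role referenced by an auth-constraint must be declared here. -->
  <security-role>
    <role-name>tomcat</role-name>
  </security-role>

  <!--
    FORM authentication: the container shows form-login-page when a
    protected resource is requested without a session, and form-error-page
    when the submitted credentials are rejected.
    NOTE(review): no <session-config> is present, so the session id can be
    carried in the URL when the login form is rendered through
    response.encodeURL; a tracking-mode of COOKIE keeps it out of URLs,
    logs and Referer headers.
  -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/jsp/login.jsp</form-login-page>
      <form-error-page>/jsp/error.jsp</form-error-page>
    </form-login-config>
  </login-config>

</web-app>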
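<%--
  Landing page of the protected area: shows the login name of the
  authenticated caller as reported by the container.
--%>
<html>
  <head>
    <title>Index Page</title>
  </head>
  <body>
    <%--
      getRemoteUser() returns the authenticated login name, or null when the
      request is not authenticated. The value is written without HTML
      escaping, which is only acceptable while login names come from an
      administrator-controlled realm; escape it if users can choose their
      own names. The <b> element is now closed (it was left open).
    --%>
    User: <b><%= request.getRemoteUser() %></b>
  </body>
</html>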
<%--
  Login form used by FORM authentication. The container itself handles the
  POST to j_security_check and reads the j_username / j_password fields;
  those three names are fixed by the Servlet specification.
--%>
<html>
  <head>
    <title>Login Page</title>
  </head>
  <body>
    <%--
      encodeURL() appends the session id to the action URL when the
      container cannot rely on a session cookie, so the id may appear in
      the request line of the login POST.
    --%>
    <form method="POST" action='<%= response.encodeURL("j_security_check") %>'>
      <table cellspacing="5">
        <tr>
          <th align="right">Username:</th>
          <td align="left"><input type="text" name="j_username"></td>
        </tr>
        <tr>
          <th align="right">Password:</th>
          <td align="left"><input type="password" name="j_password"></td>
        </tr>
        <tr>
          <td align="right"><input type="submit"></td>
          <td align="left"><input type="reset"></td>
        </tr>
      </table>
    </form>
  </body>
</html>
<%--
  Page shown when the submitted credentials are rejected. The message is
  deliberately generic: it does not say whether the user name or the
  password was wrong.
--%>
<html>
  <head>
    <title>Error Page</title>
  </head>
  <body>
    Invalid username/password!
  </body>
</html>
GET /auth/jsp/ HTTP/1.1 Host: localhost:8080 ...
HTTP/1.1 200 Set-Cookie: JSESSIONID=0092B8A71FDB1DAAA5C737582A201459;path=/abc/;HttpOnly ...
POST /auth/jsp/j_security_check;jsessionid=0092B8A71FDB1DAAA5C737582A201459 HTTP/1.1 Host: localhost:8080 Cookie: JSESSIONID=0092B8A71FDB1DAAA5C737582A201459 j_username=tomcat&j_password=tomcat ...
HTTP/1.1 200 Location: http://localhost:8080/auth/jsp/ ...
GET /auth/jsp/ HTTP/1.1 Host: localhost:8080 Cookie: JSESSIONID=0092B8A71FDB1DAAA5C737582A201459 ...
HTTP/1.1 200 Set-Cookie: JSESSIONID=89F7D6BB78A0059B4570B1DF49B496EB;path=/abc/;HttpOnly ...