How To Set Up a Login Page
Implementing a login page for a web application is almost trivial, but it's a key part in creating a secure website. Although much more effort is needed in truly securing your application, simply requiring users to log in is the first step in protecting your data from prying eyes. By forcing users to sign into your site, you also can customize their experience with user-specific themes or functions and track their movements throughout your application for targeted marketing or even simple bug tracking.
Other People Are Reading
Things You'll Need
- Java development environment (such as Eclipse or similar editing/build utility)
- Web application server (such as Apache Tomcat)
Instructions
-
Creating the Page
-
1
Create a new Java Server Page (JSP) in your editor of choice. Name it something appropriate, such as "login.jsp".
-
2
Add the following form to your login.jsp file:
<form action="/LoginServlet" method="POST">
User Name: <input type="text" name="user_name" /><br />
Password: <input type="password" name="pwd" /><br />
<input type="submit" value="Login" />
</form>
(Note that the actual servlet--LoginServlet--is not created yet; if you test this out, you'll likely get a "Page Not Found" error).
-
-
3
Save your page. You can test it in a browser if you'd like, but there's no functionality at the moment; you'll get an error if you try to submit it.
-
4
Create two additional pages for testing purposes. Name one "success.html" and the other "failure.html". Because these are strictly for testing at the moment, you can put whatever content you like in them; just make sure the difference between the two is obvious so you're sure which one you end up at.
Create the Servlet
-
5
Create a new Java servlet named "LoginServlet". If you're using an integrated development environment (IDE) such as Eclipse or NetBeans, this should be fairly trivial.
-
6
Override the "doPost" method in your LoginServlet as such:
public override doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
String userName = req.getParameter("user_name");
String password = req.getParameter("pwd");
if ("bob".equals(userName) && "testing".equals(password)) {
res.redirect("/success.html");
} else {
res.redirect("/failure.html");
}
}
-
7
Build and test your page by going to your initial login.jsp in your browser. If you enter "bob" and "testing" for your user name and password, respectively, you should end up at "success.html"; if you enter something different, you should end up at "failure.html".
-
1
Tips & Warnings
In a "real" system, you should pull your user information from a data store of some kind (i.e. an SQL database) and compare against that instead of hard-coded values.
Consider storing successfully logged in users in a session of some kind to ensure they always have access to where they're allowed access to.
You may want to return your user to the login page if the login attempt failed and provide a message to them instead of redirecting them to another page altogether.
If you have problems submitting the form, you may need to manually edit either the form's action attribute or your web application's web.xml file to configure how the servlet is requested.
References
Resources
- Photo Credit lock image by Dwight Davis from Fotolia.com
