This is not possible. If you have actually a HTML <form>
for login, then you should change the authentication method from BASIC
to FORM
.
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
You also need to make sure that your HTML <form>
submits to the predefinied URL j_security_check
with the username and password as predefinied parameters j_username
and j_password
.
<form action="j_security_check" method="post">
<input type="text" name="j_username" />
<input type="password" name="j_password" />
<input type="submit" value="login" />
</form>
This way the container will set the login the way you need and the username will be available by getRemoteUser()
. Also, any unauthenticated user who accesses the restricted URL directly will automatically be forwarded to the login page. On successful login, it will automatically be forwarded back to the initially requested page.
Also, when using FORM
authentication method on a Servlet 3.0 compatible container (Tomcat 7, Glassfish 3, etc), you will be able to programmatically login the user by the Servlet 3.0 introduced HttpServletRequest#login()
method in the servlet. This allows more finer grained control over the process and validation. This isn't possible with BASIC
authentication.
The BASIC
authentication is a completely different thing. It shows a bare JavaScript look-a-like dialog with username/password inputs. This doesn't require/use a HTML <form>
or something. It also stores the authentication information in the client side which get sent as a request header on every single subsequent request. It doesn't store the authentication information in the server side session like as FORM
authentication.
See also: