Securing the web application
Now that the authentication provider is set, we have to modify the deployment descriptors of the application to set the security properties and create a login page to let users authenticate themselves.
Modifying the web.xml descriptor file
We first need to set the security constraints by editing web.xml:
Open the
WEB-INF/web.xmlfile of the Store web application.Paste the following lines right after the
servlet-mappingtag:<security-constraint> <web-resource-collection> <web-resource-name>protected</web-resource-name> <url-pattern>/reservation.jsf</url-pattern> </web-resource-collection> <auth-constraint> <role-name>User</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsf</form-login-page> <form-error...
