Specifications
43ADOBE FLEX 3
Building and Deploying Adobe Flex 3 Applications
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
</web-app>
When the browser tries to load a resource that is secured by constraints in the web.xml file, the browser either
challenges the user (if you are using BASIC authentication) or forwards the user to a login page (with FORM
authentication).
With BASIC authentication, the user enters a username and password in a popup box that the browser creates. To
specify that an application uses BASIC authentication, you use the
login-config element and its auth-method
subelement in the web application’s web.xml file, as the following example shows:
<web-app>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Managers</realm-name>
</login-config>
...
</web-app>
With FORM authentication, you must code the page that accepts the username and password, and submit them
as FORM variables named
j_username and j_password. This form can be implemented in HTML or as a Flex
application or anything that can submit a form.
When you configure FORM authentication, you can specify both a login form and an error form in the web.xml
file, as the following example shows:
<web-app>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.htm</form-login-page>
<form-error-page>/loginerror.htm</form-error-page>
</form-login-config>
</login-config>
</web-app>
You submit the results of the form validation to the j_security_check action. The server executing the appli-
cation recognizes this action and processes the form.
A simple HTML-based form might appears as follows:
<form method="POST" action="j_security_check">
<table>
<tr><td>User</td><td><input type=text name="j_username"></tr>
<tr><td>Password</td><td><input type=password name="j_password"></tr>