Many websites feature pages that require access control. To gain access, users must authenticate; that is, they must state who they are and prove it. The most common way to support this is to present a username/password login form to the user. This approach not only provides reasonably good security, but it also is practical to implement. A better approach may be to display a login form in a fixed location on every page until the user logs in.
With a fixed login form, the login fields are built into a page header or some other fixed location on a main page. Rather than using a separate login page, this approach highlights the fact that a site supports user registrations and logins, and it allows the user to log in with one fewer click.
"Implement a Fixed Login Form," an excerpt from an Early Access version of Spring in Practice, explains how to implement a fixed login form with Spring. You will learn how to use Spring Security and Sitemesh to create a sample app with a fixed login form. The sample app uses Spring Security 2.0.4 (including the Spring Security tag libraries), Spring 2.5.6, Servlet 2.5, and a container that supports Servlet 2.5 (e.g., Tomcat 6, Jetty 6), the JSTL 1.2 c tag library, JSP EL, and Sitemesh 2.4.1. Though the example uses Spring 2.5.6, the technique should work with Spring 2.0.x and Spring 3 as well.
Download the PDF to get the full excerpt of "Implement a Fixed Login Form" from an Early Access version of Spring in Practice.
Courtesy of Manning Publications. All rights reserved.
About the AuthorsWillie Wheeler is an IT Director for the Apollo Group. He has 11 years of experience in Java/Java EE development, including four years with the Spring Framework. He has published technical articles and speaks on Spring and other topics.
John Wheeler develops Java software using the Spring Framework for the government, education, and private sectors. He has published technical articles and speaks on Spring and other topics.