1. Create Test.html
  2. Create CustomLogin.html
  3. Create Error.html
  4. Create FirstServlet class
  5. Configure FirstServlet in web.xml
  6. Add security related tags to web.xml
  7. Add role, username & password in tomcat-users.xml
  8. Deploy & Run the application

Create Login.html (step 1 calls this page Test.html; it is the form used to access FirstServlet)

<!-- Test page: its form submits to FirstServlet, which web.xml places behind
     a security constraint, so the container asks for a login before the
     request reaches the servlet. The "text" field is not read by the servlet
     shown on this page. -->
<html>
<head>
<title>LOGIN PAGE</title>
</head>
<body>
	<!-- The absolute action assumes the application is deployed under the
	     context path /WebSecurity (TODO confirm against the deployment). -->
	<form action="/WebSecurity/FirstServlet" method="post">

		Enter Text:<input type="text" name="text"> 
                <input 	type="submit">
	</form>
</body>
</html>

Create CustomLogin.html

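<!-- Login form for container-managed FORM authentication. The action
     j_security_check and the field names j_username / j_password are fixed
     by the Servlet specification; the container handles the submission
     itself, no application code receives the password. -->
<html>
<head>

<title>LOGIN PAGE</title>
</head>
<body>
<h3>Java2Learn</h3>
	<!-- method="post" is required here: a form without a method is submitted
	     with GET, which places j_username and j_password in the URL, where
	     they end up in browser history, proxy logs and server access logs. -->
	<form action="j_security_check" method="post">

		Enter Name:<input type="text" name="j_username"> <br>
		Enter password:<input type="password" name="j_password">
		<input	type="submit">
	</form>
</body>
</html>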

Create Error.html

<!-- Page named as form-error-page in web.xml; the container shows it when a
     FORM login attempt fails. The message does not say whether the user name
     or the password was wrong, which avoids confirming valid user names. -->
<html>
<head>

<title>ERROR PAGE</title>
</head>
<body>
<h3>Your credentials are invalid,please provide valid credentials</h3>
</body>
</html>

Create FirstServlet class

package com.java2learn.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

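/**
 * Demo servlet that is meant to be reachable only after container-managed
 * authentication.
 *
 * <p>The class performs no authentication or role check of its own: access
 * control depends entirely on the {@code <security-constraint>} declared for
 * {@code /FirstServlet} in web.xml. {@link HttpServlet} answers HEAD requests
 * by invoking {@code doGet}, so that constraint has to cover every HTTP method,
 * not only GET and POST.
 */
public class FirstServlet extends HttpServlet {

	/** Declared explicitly so the browser does not have to guess the content type. */
	private static final String HTML_CONTENT_TYPE = "text/html;charset=UTF-8";

	/**
	 * Writes a fixed confirmation heading for GET requests.
	 *
	 * @param request  the incoming request (not inspected)
	 * @param response the response the heading is written to
	 * @throws ServletException declared by the servlet contract; not thrown here
	 * @throws IOException      if the response writer cannot be obtained
	 */
	@Override
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Must be set before getWriter() so the charset applies to the writer.
		response.setContentType(HTML_CONTENT_TYPE);
		PrintWriter out = response.getWriter();

		out.println("<h1>GET:After authentication only we can access the Servlet.</h1>");
	}

	/**
	 * Writes a fixed confirmation heading for POST requests.
	 *
	 * @param request  the incoming request (its parameters are not read)
	 * @param response the response the heading is written to
	 * @throws ServletException declared by the servlet contract; not thrown here
	 * @throws IOException      if the response writer cannot be obtained
	 */
	@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		// Must be set before getWriter() so the charset applies to the writer.
		response.setContentType(HTML_CONTENT_TYPE);
		PrintWriter out = response.getWriter();

		out.println("<h1>POST:After authentication only we can access the Servlet.</h1>");
	}

}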

Configure FirstServlet in web.xml

	<!-- Registers FirstServlet and maps it to /FirstServlet. This mapping on
	     its own adds no access control; the servlet is only protected once a
	     security-constraint covers the same URL pattern. -->
	<servlet>
		<description></description>
		<display-name>FirstServlet</display-name>
		<servlet-name>FirstServlet</servlet-name>
		<servlet-class>com.java2learn.servlet.FirstServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>FirstServlet</servlet-name>
		<url-pattern>/FirstServlet</url-pattern>
	</servlet-mapping>

Add security related tags to web.xml

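<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor for the WebSecurity demo: one servlet, protected by
     container-managed FORM authentication and a single role. -->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	id="WebApp_ID" version="2.5">
	<display-name>WebSecurity</display-name>

	<servlet>
		<description></description>
		<display-name>FirstServlet</display-name>
		<servlet-name>FirstServlet</servlet-name>
		<servlet-class>com.java2learn.servlet.FirstServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>FirstServlet</servlet-name>
		<url-pattern>/FirstServlet</url-pattern>
	</servlet-mapping>

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>FirstServlet</web-resource-name>
			<description></description>
			<url-pattern>/FirstServlet</url-pattern>
			<!-- No http-method elements on purpose: when none are listed the
			     constraint applies to every HTTP method. Listing only GET and
			     POST leaves the other methods unprotected, and HttpServlet
			     serves HEAD by calling doGet, so the servlet would be
			     reachable without a login. -->
		</web-resource-collection>

		<!-- Only authenticated users holding this role may pass. The name is
		     matched exactly, including case, against the roles the realm
		     assigns to the user. -->
		<auth-constraint>
			<role-name>javaRole</role-name>
		</auth-constraint>

		<!-- Once an HTTPS connector is configured, also require TLS so the
		     login form and the session cookie are not sent in clear text:
		<user-data-constraint>
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
		-->
	</security-constraint>
	<!-- This login-config differs from the previous example: it uses FORM
	     authentication with a custom login page and a custom error page. -->
	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>/CustomLogin.html</form-login-page>
			<form-error-page>/Error.html</form-error-page>
		</form-login-config>
	</login-config>

	<security-role>
		<role-name>javaRole</role-name>
	</security-role>

</web-app>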

Add role, username & password in tomcat-users.xml

path:Tomcat 6.0\conf\tomcat-users.xml

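<!-- Demo realm data. The role name must match the role-name used in web.xml
     exactly, including case: web.xml declares "javaRole", so a user whose
     role is spelled "javarole" can log in but is then refused with 403.
     The passwords below are tutorial samples stored in clear text; use
     strong, unique values and keep this file readable only by the Tomcat
     account, or configure the realm to store digested passwords. -->
<tomcat-users>
 <role rolename="javaRole"/>
 <user username="user1" password="tomcat" roles="javaRole"/>
 <user username="user2" password="tomcat" roles="javaRole,role1"/>
</tomcat-users>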

Final Project Structure

ProjectStructure

Deploy & Run the application

Output1

Output2

Invalid credentials
Output3

Output4
Valid credentials
Output5
Output6

Download Project: WebSecurity