Configuring a custom form login page
Liberty provides the ability to define a custom form login page for users to submit authentication credentials.
About this task
You can customize your own custom form login page, but you must implement this page in the
required form-based authentication format as specified in the Servlet 3.0 specification. In all
forms, the action on the
form element must be
The action must use the j_username input field to get the user name and the
j_password input field to get the user password in forms supporting
authentication schemes that require a user name and password. The custom form login page must be
provided as an unprotected web resource. You can set this login page at the global server level,
which applies to all applications deployed to the server. Alternatively, you can specify the login
page for individual applications.
Specify the following form elements in the form login page that expects a user name and
<FORM action="j_security_check" method="POST"> User name: <INPUT type="text" name="j_username"><br> Password: <INPUT type="password" name="j_password"><br> <INPUT type="submit" name="action" value="Login"> </FORM>
Configure the login form for use by applications on the server.
Two possible configurations exist for a form login page in an application that is deployed to the server. You can configure the custom login page for use in a single application, or you can configure the page as a global login form that is used for all applications that are deployed to the server.
Configure a login form for a single application.
You can configure individual applications to direct users to a specific form login page by configuring the web.xml file that is packaged with the application.
Specify the path to the login page in the web.xml file that is packaged with the application; for example:
<login-config> <auth-method>FORM</auth-method> <realm-name>MyRealm</realm-name> <form-login-config id="FormLoginConfig_1"> <form-login-page>login.jsp</form-login-page> <form-error-page>loginError.jsp</form-error-page> </form-login-config> </login-config>
To see how to customize and package a form login page, refer to Customizing web application login.
Configure a global login form and an error page that
includes the root context.
Both pages must be part of a WAR file. If a form login application does not specify the form login and the error page in the web.xml file, the following global settings are used:
<webAppSecurity loginFormURL="myGlobalFormLogin/myLogin.jsp" loginErrorURL="myGlobalErrorPage/myError.jsp"/>
- Configure a login form for a single application.
- Optional: Configure a custom form login page for OpenID.
- Optional: Configure a custom form login page for OAuth.