Form Login for WebSphere Application Server 6.1

To enable a form-based login (instead of Basic Authentication), edit the web.xml of the application and add a login configuration:

    <login-config id="LoginConfig_1">
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config id="FormLoginConfig_1">
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>

The login.jsp contains the login form (IBM example):

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <META HTTP-EQUIV = "Pragma" CONTENT="no-cache">
    <title> Security FVT Login Page </title>
    <body>
    <h2>Form Login</h2>
    <FORM METHOD=POST ACTION="j_security_check">
    <p>
    <font size="2"> <strong> Enter user ID and password: </strong></font>
    <BR>
    <strong> User ID</strong> <input type="text" size="20" name="j_username">
    <strong> Password </strong> <input type="password" size="20" name="j_password">
    <BR>
    <BR>
    <font size="2"> <strong> And then click this button: </strong></font>
    <input type="submit" name="login" value="Login">
    </p>
    </form>
    </body>
    </html>

The error.jsp contains an error message (IBM example):

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html>
    <head><title>A Form login authentication failure occurred</title></head>
    <body>
    <h1><b>A Form login authentication failure occurred</b></h1>
    <p>Authentication may fail for one of many reasons. Some possibilities include:
    <ol>
    <li>The user-id or password may be entered incorrectly; either misspelled or the wrong case was used.
    <li>The user-id or password does not exist, has expired, or has been disabled.
    </ol>
    </p>
    </body>
    </html>

So what's going on (example):
1. The user tries to access http://example.com/app/index.html
2. The user gets redirected to http://example.com/app/login.jsp
2.1 WAS creates a cookie called WASReqURL which contains the requested path (Value: http[s]://[:Port]/app/index.jsp)
3. The user types in the user ID and password and submits the login credentials
3.1 WAS reads the WASReqURL cookie and redirects to the requested path (http://example.com/app/index.html).
3.2 If the credentials are wrong, WAS redirects the user to http://example.com/app/error.jsp
It is possible to edit the WASReqURL-Cookie to change the redirect path after a successful login.
Steps:
1. Read the cookie value:

        String url = "";
        String text = "";
        String newurl = "";
        // Get all cookies (getCookies() returns null when the request carries none)
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int index = 0; index < cookies.length; index++) {
                String cookieName = cookies[index].getName();
                if ("WASReqURL".equals(cookieName)) {
                    // If the WASReqURL cookie is found, get the value and leave the for-loop
                    url = cookies[index].getValue();
                    break;
                }
            }
        }

2. Set a new WASReqURL cookie:

        Cookie wasrequrlcookie = new Cookie("WASReqURL", newurl);
        response.addCookie(wasrequrlcookie);
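
Because WASReqURL is a cookie, its value comes from the browser, so any `newurl` written in step 2 (and any value read in step 1) should be checked against the application's own host and context path before it is used as a redirect target. The following is an added example, not part of the original post or of IBM's samples; the class and method names are hypothetical, and the host `example.com` and context path `/app` are taken from the walkthrough above (the port is deliberately not checked).

```java
import java.net.URI;
import java.net.URISyntaxException;

public class WasReqUrlCheck {  // hypothetical helper, not a WebSphere API
    /** True only for an http(s) URL on expectedHost whose path stays inside contextPath. */
    static boolean isAllowedTarget(String value, String expectedHost, String contextPath) {
        // CR/LF must never reach a cookie or a Location header
        if (value == null || value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(value).normalize();   // collapses literal "/../" segments
        } catch (URISyntaxException e) {
            return false;                       // backslashes, spaces, other malformed input
        }
        String scheme = uri.getScheme();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return false;                       // rejects relative, "//host" and javascript: values
        }
        // user@host tricks and opaque URIs (no host) are refused outright
        if (uri.getUserInfo() != null || uri.getHost() == null
                || !uri.getHost().equalsIgnoreCase(expectedHost)) {
            return false;
        }
        String path = uri.getPath();            // percent-decoded path
        if (path == null || path.contains("/..")) {
            return false;                       // conservative: encoded or leftover dot segments
        }
        return path.equals(contextPath) || path.startsWith(contextPath + "/");
    }

    public static void main(String[] args) {
        // Constructed sample values; example.com and /app come from the walkthrough above
        String[] samples = {
            "http://example.com/app/index.html",
            "https://example.com:9443/app/reports/list.jsp",
            "https://evil.example/app/index.html",
            "http://example.com@evil.example/app/index.html",
            "http://example.com/app/../admin/index.jsp",
            "http://example.com/app/%2e%2e/admin/index.jsp",
            "//evil.example/app/index.html"
        };
        for (String s : samples) {
            System.out.println(isAllowedTarget(s, "example.com", "/app") + "  " + s);
        }
    }
}
```

In the JSP, call the check on `newurl` before `new Cookie("WASReqURL", newurl)` and fall back to a fixed page inside the application when it returns false.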
