1.web.xml
<!-- JAAS认证 -->
<security-constraint>
<web-resource-collection>
<web-resource-name>protected-resource</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.action</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>NEOJAAS</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>JAASTest Roles</description>
<role-name>NEOJAAS</role-name>
</security-role>
2.login.jsp
<form method="post" action="j_security_check"] <label>用户名</label> <input name="j_username" type="text" maxlength="32" class="login-text"/> <label>密 码</label> <input name="j_password" type="password" maxlength="32" class="login-text"/> <input type="submit" class="stuff" value="登 录" /> </form>