AccessFilter and web.xml
Add the jGuard AccessFilter fragment to your web.xml and configure it.
The net.sf.jguard.filters.AccessFilter must be located at the top of the servlet filters list in web.xml, so that it restricts all protected resources.
Its role is also to configure the authorization mechanism for the webapp.
It therefore requires some 'recurrent' parameters, plus parameters specific to the chosen authorization mechanism.
Here are the recurrent parameters:
- loginField: Name of the form field which holds the login. All values are accepted except j_username.
- passwordField: Name of the form field which holds the password. All values are accepted except j_password.
- indexURI: Index URI of your web application.
- authenticationFailedURI: URI used when the user authentication failed.
- logonURI: URI to access the authentication form.
- logonProcessURI: URI to be authenticated. The action property of the authentication form MUST NOT be set to j_security_check.
- logoffURI: URI to be unauthenticated.
- accessDeniedURI: URI used when access to a resource is denied.
- debug: Boolean option ('true' or 'false') which activates the authorization debug mode.
- loginModules: Specifies which loginModules are used for authentication.
- com.foo.MyFirstLoginModule.Flag: Specifies which flag is used for the first loginModule declared above. The value can be 'REQUIRED', 'OPTIONAL', 'REQUISITE' or 'SUFFICIENT'.
- com.foo.MyFirstLoginModule.Options: Specifies options for the first loginModule. Options are separated by ',' and take the form key="value". The WEBAPP_HOME variable refers (if needed) to the webapp location, which is automatically detected by jGuard.
- com.foo.MySecondLoginModule.Flag: Specifies which flag is used for the second loginModule declared above. The value can be 'REQUIRED', 'OPTIONAL', 'REQUISITE' or 'SUFFICIENT'.
- com.foo.MySecondLoginModule.Options: Specifies options for the second loginModule. Options are separated by ',' and take the form key="value". The WEBAPP_HOME variable refers (if needed) to the webapp location, which is automatically detected by jGuard.
- authorizationManager: Specifies the authorization mechanism for the web application (formerly, the implementation of the net.sf.jguard.authorization.PermissionManager interface).
Note: the parameters specific to the chosen PermissionManager implementation must also be configured in the AccessFilter parameters section. To respect the web application 2.3 DTD, add the AccessFilter configuration below the 'context-param' element.
AccessFilter configuration example:
.........
.........
<filter>
  <filter-name>AccessFilter</filter-name>
  <description>access filter</description>
  <filter-class>net.sf.jguard.filters.AccessFilter</filter-class>
  <!-- global settings -->
  <init-param>
    <param-name>loginField</param-name>
    <param-value>login</param-value>
    <description>parameter's name of the form's field which holds the login</description>
  </init-param>
  <init-param>
    <param-name>passwordField</param-name>
    <param-value>password</param-value>
    <description>parameter's name of the form's field which holds the password</description>
  </init-param>
  <!-- global settings -->
  <!-- authentication settings -->
  <init-param>
    <param-name>indexURI</param-name>
    <param-value>/myApplication/index.jsp</param-value>
    <description>page to redirect if authentication success</description>
  </init-param>
  <init-param>
    <param-name>authenticationFailedURI</param-name>
    <!-- '&' must be written as '&amp;' inside web.xml -->
    <param-value>
      /myApplication/SwitchToModule.do?prefix=/reg&amp;page=/Logon.do&amp;authenticationFailed=authentication%20Failed
    </param-value>
    <description>page to redirect if authentication failed</description>
  </init-param>
  <init-param>
    <param-name>logonProcessURI</param-name>
    <param-value>/myApplication/reg/LogonProcess.do</param-value>
    <description>page with authentication form</description>
  </init-param>
  <init-param>
    <param-name>logoffURI</param-name>
    <param-value>/myApplication/reg/Logoff.do</param-value>
    <description>uri to logoff</description>
  </init-param>
  <init-param>
    <param-name>accessDeniedURI</param-name>
    <param-value>/myApplication/AccessDenied.do</param-value>
    <description>page to redirect if access to the resource is denied</description>
  </init-param>
  <init-param>
    <param-name>loginModules</param-name>
    <param-value>net.sf.jguard.loginmodules.XmlLoginModule</param-value>
    <description>loginModules used for authentication</description>
  </init-param>
  <init-param>
    <param-name>net.sf.jguard.loginmodules.XmlLoginModule.Flag</param-name>
    <param-value>required</param-value>
    <description>flag corresponding to the first loginModule. Each loginModule defined above must have its own Flag, which can be 'REQUIRED','OPTIONAL','REQUISITE', or 'SUFFICIENT'</description>
  </init-param>
  <init-param>
    <param-name>net.sf.jguard.loginmodules.XmlLoginModule.Options</param-name>
    <param-value>debug="false",fileLocation="WEBAPP_HOME/WEB-INF/conf/jGuard/jGuardUsersRoles.xml"</param-value>
    <description>
      options related to one of the loginModules defined in the 'loginModules' init parameter.
      WEBAPP_HOME is a reserved keyword and refers to the webapp location.
      It avoids manual webapp resolution (the location is automatically detected by jGuard).
    </description>
  </init-param>
  <init-param>
    <param-name>debug</param-name>
    <param-value>true</param-value>
    <description>enable debug with true to trace authorization settings</description>
  </init-param>
  <!-- authentication settings -->
  <!-- authorization settings -->
  <init-param>
    <param-name>authorizationManager</param-name>
    <param-value>net.sf.jguard.authorization.XmlAuthorizationManager</param-value>
    <description>class which handles collecting the permissionsCollection</description>
  </init-param>
  <!-- XmlAuthorizationManager parameter -->
  <init-param>
    <param-name>fileLocation</param-name>
    <param-value>file:///C:/jGuardPrincipalsPermissions.xml</param-value>
    <description>xml file Location</description>
  </init-param>
  <init-param>
    <param-name>debug</param-name>
    <param-value>false</param-value>
    <description>enable debug with true to trace authorization settings</description>
  </init-param>
  <!-- XmlAuthorizationManager parameter -->
  <!-- authorization settings -->
</filter>
<filter-mapping>
.........
.........
</filter-mapping>
<listener>
  <listener-class>net.sf.jguard.listeners.SessionListener</listener-class>
</listener>
<listener>
  <listener-class>net.sf.jguard.listeners.ContextListener</listener-class>
</listener>
.........
.........
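The constraints stated in the parameter list (filter position, the reserved j_username / j_password / j_security_check names, one valid Flag per loginModule) can be checked before deployment. The script below is an added example, not part of jGuard or of the original page. It assumes that "top of the filters list" means the first filter-mapping and that several loginModules are comma-separated; `sample()` and the `EncodingFilter` name are constructed for the demo.

```python
import xml.etree.ElementTree as ET

ACCESS_FILTER = "net.sf.jguard.filters.AccessFilter"
FLAGS = {"REQUIRED", "OPTIONAL", "REQUISITE", "SUFFICIENT"}
RESERVED = {"loginField": "j_username", "passwordField": "j_password"}

def text(node, tag):
    return (node.findtext(tag) or "").strip()

def lint_access_filter(web_xml):
    """Return findings for the AccessFilter rules stated in the parameter list."""
    root = ET.fromstring(web_xml)
    flt = next((f for f in root.iter("filter")
                if text(f, "filter-class") == ACCESS_FILTER), None)
    if flt is None:
        return ["AccessFilter is not declared"]
    params = {text(p, "param-name"): text(p, "param-value")
              for p in flt.iter("init-param")}
    findings = []
    # Assumption: order is checked on <filter-mapping>, which sets the chain order.
    mappings = [text(m, "filter-name") for m in root.iter("filter-mapping")]
    if not mappings or mappings[0] != text(flt, "filter-name"):
        findings.append("AccessFilter is not the first filter-mapping")
    for param, reserved in RESERVED.items():
        if params.get(param) == reserved:
            findings.append(f"{param} must not be {reserved}")
    if params.get("logonProcessURI", "").endswith("j_security_check"):
        findings.append("logonProcessURI must not be j_security_check")
    # Assumption: multiple login modules are comma-separated in 'loginModules'.
    for module in filter(None, map(str.strip, params.get("loginModules", "").split(","))):
        if params.get(module + ".Flag", "").upper() not in FLAGS:
            findings.append(f"{module}.Flag is missing or invalid")
    return findings

def sample(login_field, flag, first_mapping):
    """Constructed web.xml for the demo; values are hypothetical."""
    mod = "net.sf.jguard.loginmodules.XmlLoginModule"
    pairs = [("loginField", login_field), ("passwordField", "password"),
             ("logonProcessURI", "/myApplication/reg/LogonProcess.do"),
             ("loginModules", mod), (mod + ".Flag", flag)]
    params = "".join(f"<init-param><param-name>{n}</param-name><param-value>{v}"
                     "</param-value></init-param>" for n, v in pairs)
    maps = "".join(f"<filter-mapping><filter-name>{n}</filter-name><url-pattern>/*"
                   "</url-pattern></filter-mapping>" for n in (first_mapping, "AccessFilter"))
    return (f"<web-app><filter><filter-name>AccessFilter</filter-name><filter-class>"
            f"{ACCESS_FILTER}</filter-class>{params}</filter>{maps}</web-app>")

if __name__ == "__main__":
    print(lint_access_filter(sample("j_username", "mandatory", "EncodingFilter")))
```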