Hi Luca,
I am sure you already had a look at this tutorial.
You could modify it by commenting out any DB-related call, substituting it with code like "if password="test" then.." and similar that applies.
Anyway, I opened up that project for you to try to describe the logic and flow it is based on.
Step 0
When the client points a browser to localhost:51042 (or any other address/port the server is on), it is served document www/index.html, whose sole task is to present a link to the login page. This happens because the B4J server program defaults to the www dir and so it picks up and delivers that index.html file.
Step 1
Following the link in step 0, you land on document index.html in dir login_example.
This document lets you enter data for a new user or go to document signin.html to enter data for an existing user.
Let's have a brief look at signin.html since it's simpler.
The first rows prepare the form to enter username and password. Then jQuery is used to listen for the "Sign In" button click and to prepare parameters to call the SigninHelper handler (no surprise here to read that the parameters are the username and password entered in the form..).
Last note about signin.html: when it receives control back from the SigninHelper handler, on success it redirects to document members/index.html in the reserved area.
So in a way, your flow is signin.html - SigninHelper - signin.html - members/index.html
Step 1.1
This is the realm of SigninHelper handler. It reads username/password from the req parameter and checks with the DB if the credentials are ok (here you could substitute the code with an in-code check or simply set success=true for any user/pwd).
Then a response is made with string "success" or an appropriate error in order to signal the calling code (signin.html) how the credentials check went.
Lastly with
req.GetSession.SetAttribute("registered", success)
req.GetSession.SetAttribute("name", userName)
the current session data is updated with two elements used by the following pages/handlers.
Step 2
If you arrive on members/index.html then there are two reserved links for you: MembersHandler and Logout handler (a special greeting and a way to go back to the starting point).
Ok, this is the flow. Now for the interesting part: the filter.
To give you access to document members/index.html (on credentials check OK), the B4J has to check with filter MembersFilter because anything in directory members (and below) is protected by this filter.
The filter checks whether a session variable "registered" exists and has value True.
There is also a check on time elapsed from your last activity (30min).
So, if the session is given permission to proceed you reach the protected resource (an html page, a handler, a pdf document, whatever).
Otherwise you are redirected to Step 1 above.
Hope the above will help you.
Umberto
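
Added example, not part of Umberto's post and not the tutorial project's own code: a B4J sketch of the two classes the flow above relies on, with the DB lookup in SigninHelper replaced by an in-code check as suggested. The test credentials, the form parameter names ("name", "password"), the error text and the redirect path are assumptions.

```b4x
'===== Class module SigninHelper (handler) =====
Sub Class_Globals
	'Constructed test credentials standing in for the DB lookup (assumption)
	Private testUser As String = "luca"
	Private testPassword As String = "test"
End Sub

Public Sub Initialize
End Sub

Sub Handle(req As ServletRequest, resp As ServletResponse)
	'Parameter names are assumed to match the form fields posted by signin.html
	Dim userName As String = req.GetParameter("name")
	Dim password As String = req.GetParameter("password")
	Dim success As Boolean = (userName = testUser And password = testPassword)
	'The same two session attributes described in Step 1.1
	req.GetSession.SetAttribute("registered", success)
	req.GetSession.SetAttribute("name", userName)
	If success Then
		resp.Write("success")
	Else
		resp.Write("Wrong user name or password.")
	End If
End Sub

'===== Class module MembersFilter (filter) =====
Sub Class_Globals
End Sub

Public Sub Initialize
End Sub

'Return True to let the request reach the protected resource
Public Sub Filter(req As ServletRequest, resp As ServletResponse) As Boolean
	'"registered" is also stored (as False) after a failed sign-in,
	'so the filter tests its value, not just its presence
	If req.GetSession.GetAttribute2("registered", False) = True Then
		'Idle limit from the post: 30 minutes since the last activity
		If req.GetSession.LastAccessedTime + 30 * DateTime.TicksPerMinute > DateTime.Now Then
			Return True
		End If
	End If
	'Assumed path of the login page (Step 1)
	resp.SendRedirect("/login_example/")
	Return False
End Sub
```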