Thanks for reply :-)
I want to know how Form Authentication works, but I get "HTTP Status 404 - /myWeb/MySecurity/j_security_check" after submitting the form.
---invoke form page.
http://localhost:8080/myWeb/MySecurity/formlogin.html === here's steps I do :
1. ---add following inside "tomcat-users.xml"
<user name="john" password="jjj" roles="employee" />
<user name="mary" password="mmm" roles="employee" />
<user name="bob" password="bbb" roles="employee, supervisor" />
2. -- add following inside web.xml
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/MySecurity/formlogin.html</form-login-page>
<form-error-page>/MySecurity/formerror.html</form-error-page>
</form-login-config>
</login-config>
3. -- create "formlogin.html"
<html>
<body>
<h4>Please login:</h4>
<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
<input type="submit" value="OK">
</form>
</body>
</html>
4. -- create file "formerror.html"
<html>
<body>
<h4>Sorry, your username and password do not match.</h4>
</body>
</html>