There is no good reason for them to be fixed. Can be anything.
Actually, you can put this authentication form on just any page while taking care which servlet it invokes. So the total flow of your application is in your hands.
A doubt from my side: What would be the utility of this <login-config> element?
your web app will start just fine, but as soon as you request a secured part of your web app
the container throws the following exception and an empty page is returned to the requester
oh and not defining the <auth-method> tag will cause the container to not even start up....
as soon as <login-config> is present, <auth-method> is mandatory
A doubt from my side: What would be the utility of this <login-config> element?
i don't get that part ...
Actually I want to ask why at all do we need to tell the application about the login config in this way? Why to have all this <login-config> story in web.xml or anywhere for that matter? I hope the doubt is clear.
Oh, okay. So that means it is perfectly alright if I do not have this element in my web.xml and simple use a form in one or all of my web pages that take in a username and password and I do the authentication myself, using jdbc or something?
Am I off track? I hope I am not being too deviling
Yep that is correct, even though the container already provides login mechanisms (that can also be hooked up with JDBC). So why use custom login mechanisms ?
Post by:autobot
Forget this weirdo. You guys wanna see something really neat? I just have to take off my shoe .... (hint: it's a tiny ad)
a bit of art, as a gift, the permaculture playing cards