my doubt is in security,
we are creating roles with user names and passwords in tomcat-users.xml .
as far as roles are concerned, i get it .
what i dont get is , doesn't the user create his username and password ,how come we do it(that is the application developer).
for eg: i want to buy a book from amazon.com , i create all login details(that is the user)
could anyone explain me - what's happening here . one thing is for sure , i am missing something.
thanks.