For my servlet/JSP application I plan to use a form-based authentification approach. From what I understand, for a form-based authentification, the Tomcat will automatically check the userId and Password from the HTTp request, against the userID and Password listed in the apps-xxx.xml file for my Webapplication. But with this approach won't it effect the security.
If number of users are more how can we list all ids and passwords in apps-xxx,xml.
Is my understanding is right. Please do correct me. Also I want to know how we can provide authentification using other application server like bea. If we have to provide userid and password in web.xml file, how to enter all those details in bea.