Used in a <form-login-config> element to specify the relative URL for the login page.

When the protected resource is accessed by an unauthenticated user, the user is redirected to this page to log in.

The login page can be designed by the developer, and must contain a <form> with:

  • A username field called j_username
  • A password field called j_password
  • The form action attribute must be set to j_security_check

What happens to URL parameters when a protected resource is accessed?

Any request parameters sent to the protected resource are preserved, and sent to the resource after successful login. For example:
1. Request by unauthorized user: /private/somepage.jsp?arg1=abc
2. Server asks user to login, by sending them to the login page
3. The user logs in successfully
4. The user is redirected to: /private/somepage.jsp?arg1=abc

See Also

metawerx specific

referring pages