J2EE Web Component j_security_check

I've been working my way through the Sun J2EE Tutorial and am trying to fathom how their Form based Web Component security mechanism works.

When you set up Form based security you specify the logon.jsp page as the Login Page, this can be as simple as

<html>
<title>Login</title>
<body>
<form action="j_security_check" method=post>
<input type="text" size="15" name="j_username">
<input type="password" size="15" name="j_password">
<input type="submit" value="Submit">
</form>
</body>
</html>

If the username and password that you enter match those for the associated realm then you get authenticated and sent on to the page you first requested. (URL).



However, I can find no other reference to this set of values namely j_security_check, j_username and j_password anywhere within the tutorial documentation or even the java.sun.com site. Does anyone know where these things live or are they perhaps embedded within the J2EE reference implementation although that would suggest that the might break the J2EE interoperability rules.

It because your using port 8080


To get around this locate server.xml and change the Non-SSL Connector port to an unused port greater than 1024


Then visit using localhost:newport


Mark