I've been working my way through the Sun J2EE Tutorial and am trying to fathom how their Form based Web Component security mechanism works.
When you set up Form based security you specify the logon.jsp page as the Login Page, this can be as simple as
<form action="j_security_check" method=post>
<input type="text" size="15" name="j_username">
<input type="password" size="15" name="j_password">
<input type="submit" value="Submit">
If the username and password that you enter match those for the associated realm then you get authenticated and sent on to the page you first requested. (URL).
However, I can find no other reference to this set of values namely j_security_check, j_username and j_password anywhere within the tutorial documentation or even the java.sun.com site. Does anyone know where these things live or are they perhaps embedded within the J2EE reference implementation although that would suggest that the might break the J2EE interoperability rules.