This mechanism is exactly same as basic Authentication except that instead of depending on browser dialog box. Developer is responsible to provide login and error pages.

The only requirement of login form is

the value of action attribute should be j_security_check.
The form should compulsory contain 2 text fields with the names j_username and j_password except in the two they remaining things are customizable.


  1. It is very easy to set up all browsers should provide the support.
  2. We can customize logic form based on our requirement .


  1. Here also user name & password will be send in plain text form & hence it is not secured.