Configuring our application for form-based
When an unauthenticated user attempts to access a secured page, our application
must redirect the user to the login page. Once the user has successfully authenticated
through the application's security realm, the user is presented with the page he/she
was trying to access. If the user does not successfully authenticate, the application
must direct the user to our login error page. All of this needs to be configured in the
application's web.xml deployment descriptor.
As previously mentioned, the Servlet 3.0 specification introduces several annotations
that minimize the need for a web.xml deployment descriptor, however web.xml is
still needed for securing web applications. To add a web.xml deployment descriptor
to our application, we need to right-click on the project then select New | Other ,
then select the Web category and Standard Deployment Descriptor (web.xml) from
the File Types list.
After clicking Next > , and then Finish to select all the defaults the file will be created
By default, NetBeans immediately opens the web.xml deployment descriptor in a
visual editor. After clicking the Security button in the toolbar, we can enter security
information for our application.