1)In chapter on security in FORM based authentication example,HFSJ says the action,user name, and password html controls should have these names - j_security_check, j_username, j_password. But it never says what will happen if we dont follow this ? while i was appearing for mocks from other books i came to know this - if the action name is other than j_security_check, we dont get any error, intead the login.html page is redisplayed.
2)Also the book doesnt say anything whether the "/" in the <form-error-page> or <form-login-page> is mandatory or not ? while i was appearing for mocks from other books i came to know this - if we donr use the slash, the web app fails to start as we get a XML parsing error.
3)in the <servlet> tag, is the order <servlet-name> <servlet-class> mandatory ? while i was appearing for mocks from other books i came to know this - yes, it is, i.e you should not alter this order. HFSJ doesnt tell this.
Any comments from the authors ??
SCJP 1.4 - 95% [ My Story ] - SCWCD 1.4 - 91% [ My Story ] Performance is a compulsion, not a option, if my existence is to be justified.
First, the servlet spec is also rather vague about what happens if you accidentally or deliberately misspell the j_*** names in the login form. Because of this vagueness, the web container behavior is "vendor specific".
Second, yes, the "/" is mandatory. The URLs for the login and error pages must be absolute paths (with respect to the webapp).
Lastly, the order of XML elements in the web.xml (servlet configuration) file is no longer important. The DTD for servlet spec v2.3 *was* order dependent, but that was relaxed in servlet spec v2.4.
Hope that helps, Bryan
subject: To the authors - HFSJ doesnt mention this !!