Question: The following web page is defined as the custom form login page for authentication. Assuming that you have attempted to access a protected resource and been redirected to this web page, what is the result of filling in the user name and password fields and pressing submit? (Choose one.)
A. You will not be redirected to this page in the first place. B. HTTP 401 or 403 error (forbidden /not authorized). C. HTTP 404 error (page not found). D. HTTP 500 error (server error). E. The page is redisplayed.
Correct Answer specified in Book : E
The key to the question is noticing that the form HTML has something close to the right values for the form action, user name, and password fields�but not close enough. The proper attribute values have underscores: j_security_check, j_username, j_password. So the form submits to the server. Instead of (as you might expect) an HTTP 404 error (because the resource jsecuritycheck doesn�t exist), the server sees that no authorization data has been provided, so it simply redirects to the log-in page again.
But when I tried the same program I got HTTP 404 error. Please can anybody clarify this?
Yes, I did. When I tried to access the protected resource, it redirects to the custom login page and I gave correct username and password. Instead of getting the same login page as mentioned in the answer for this question, I got HTTP 404 error saying jsecuritycheck is not found.
I think that the mock was assuming that all resources would be protected (but nothing is written in the question). In your case, you receive a 404 because the form action is not accessing a protected resource.