I a mtrying to right a servlet that will take a username and password that has been [osted to it from a form and then use that to check against a xml document to see if the username and password are valid.
If they are valid then it should direct the user to a welcome page.
can anyone help, i'm not really sure where to start?
Apache Tomcat already does all of this. If you use FORM based authentication, it allows you to pass in the username and password, and the default location for authentication details is the tomcat-users.xml file in the <tomcat_home>/conf directory.
You can check out the config for the tomcat-users.xml file here, I'll need to go find a link for configuring the FORM based authentication, although it's just config settings in the web.xml file and therefore standard J2EE.
Or you can write your own custom realm, and parse your XML document yourself, I guess. Check out the security section of the J2EE Tutorial. Howerver, I think using JDBCRealm of Tomcat is easier and more convenient when you already have an existing database that includes usernames, pass, and roles..