I am having an existing project where form based login is implemented. It has database table and login.jsp. I tried to figure out how j_security_check is linked to the database for pulling user out and validating.
i got login-config.xml file in my JBoss server. It has following.
- <application-policy name="ioclpower_domain"> - <!-- A simple server login module, which can be used when the number of users is relatively small. It uses two properties files: users.properties, which holds users (key) and their password (value). roles.properties, which holds users (key) and a comma-separated list of their roles (value). The unauthenticatedIdentity property defines the name of the principal that will be used when a null username and password are presented as is the case for an unuathenticated web client or MDB. If you want to allow such users to be authenticated add the property, e.g., unauthenticatedIdentity="nobody"