I want my login page as requirement may be to use some more information to authenticate the user apart from userid and password. For example, if user fails to login twice, system may ask to provide some information for login. In form based declarative authentication, I can have only userid and password.
I want declarative authentication because currently application is in initial stage and will grow in future to add more roles. So if we have declarative authorization, then code change will not be required.