To review, authentication for a Web application can be done as:
Form-based authentication, which uses Web forms to authenticate users into WebLogic Server
Browser-based authentication, which incorporates HTTP authentication methods to log in users to WebLogic Server
Declarative security for Web applications uses deployment descriptors (web.xml and weblogic.xml) to express an application's security structure, including roles, access control, and authentication requirements. The information in the deployment descriptors maps the application's logical security requirements to its runtime representation. At runtime, the servlet container uses the security policy to enforce authentication. ...