In the previous chapters, you learned how to implement a Login page using both servlets and JSP to restrict access to a certain resource.The common practice is to write code that takes a user’s name and password and matches them against those stored in a database.

Although this practice is great, there is another approach to securing your application that does not require you to write a single line of code. Instead, you configure the deployment descriptor of the web application you want to secure.

This chapter discusses the security configuration in the deployment descriptor and introduces you to various methods ...