Programming java form base authentication

add security-constraint, login-config, security-role into web.xml
<security-constraint>
        <display-name>securityconstraint</display-name>
        <web-resource-collection>
            <web-resource-name>allthewebresource</web-resource-name>
            <description></description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description></description>
            <role-name>loginUser</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/form-base.jsp</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description></description>
        <role-name>loginUser</role-name>
    </security-role>

create form-base.jsp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>
<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
<html:html>
<HEAD>
<%@ page
language="java"
contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"
%>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META name="GENERATOR" content="IBM WebSphere Studio">
<META http-equiv="Content-Style-Type" content="text/css">
<LINK href="theme/Master.css" rel="stylesheet"
    type="text/css">
<TITLE></TITLE>
</HEAD>

<BODY>
<P>請將內容放在這裡。</P>
<form method="POST" action="j_security_check">
username<input type="text" name="j_username"><BR>password
<input type="password" name="j_password">
<BR>
<INPUT type="submit" name="submit"><INPUT type="reset" value="reset"></form>
</BODY>
</html:html>

if using tomcat add role to tomcat-users.xml
<role rolename="loginUser"/>
<user username="both" password="tomcat" roles="loginUser,tomcat,role1"/>