Using Form-Based Authentication
In the Java EE deployment descriptor file, web.xml, you set up an application-specific login configuration to specify the type of authentication to perform, such as form-based to display a login form. For a login page to be successful, the form must contain the following tags:
<form action="j_security_check" method="post" > <input type="text" name="j_username"> <input type="password" name="j_password"> </form>
This type of login page is automatically created if you choose to use form-based authentication and generate a login page when you implement ADF security. If you define a custom login page, it should be a plain HTML or JSP page that does not use ADF Faces or JSF.
The form submission from the browser is in clear text unless the login page is secured using HTTPS.