Java EE 6教程代替.容器托管的安全性从此处开始.

The use of the HttpServletRequest#login() method indicates that you're using Servlet 3.0 which is part of Java EE 6. Yet you're reading a 7.5 years old J2EE 1.4 tutorial. I'd suggest to put that dusty tutorial aside and read the Java EE 6 tutorial instead. Container managed security starts here.

回到您的具体问题，login()将(领域配置方法 .如果您在SQL数据库中具有用户名/密码，则可能需要使用 JDBCRealm .

Back to your concrete problem, the login() will (as documented) throw an exception when the login is invalid or when the container doesn't have any Realm definied at all. Assuming that you're certain that the username/password is valid, it'll probably be the last cause. How to do it exactly depends on the servletcontainer in question. Just consult its documentation using the keyword "Realm". For example, for Tomcat 7.0 that's the Realm Configuration HOW-TO. If you have the usernames/passwords in a SQL database, you'll probably want to use the JDBCRealm.

在servlet容器级别配置了 Realm 之后，就可以按需要使用login()方法了.不要忘记按照Java EE 6教程在web.xml中添加<security-constraint>来限制对某些URL模式的访问并指定登录页面的URL.

Once you've configured a Realm at servletcontainer level, then you'll be able to use the login() method the way you want. Don't forget to add a <security-constraint> to the web.xml as per the Java EE 6 tutorial to restrict access on certain URL patterns and specify the URL of the login page.