AEM form-based authentication displays a login form (as shown in the previous illustration). When the user fills in the login form and submits the data, AEM stores the successful authentication in a Cookie or an HTTP Session. If the authentication is unsuccessful, then an error message is displayed.
By default, the URL of a form submission has to end with /j_security_check. That is, a login Form Action can POST to <anything>/j_security_check. For example:
The user name and password names must be j_username and j_password. For example: