Not sure if this belongs in security or JMX & Management but since it is security related, I'm going to say it should be here. Please let me know if I have to move the question. Onto the real stuff:

I have secured the jmx-console using FORM based authentication with a CONFIDENTIAL transport-guarantee. I would like to do the same thing with the web-console and have the following in my web.xml.

<security-constraint>
.
.
<user-data-constraint>
     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

<login-config>
     <auth-method>FORM</auth-method>
          <form-login-config>
               <form-login-page>/login.html</form-login-page>
               <form-error-page>/login-error.html</form-error-page>
          </form-login-config>
<login-config>

My problem comes in when I attempt to login into the web-console. Since the web-console is two frames, the login page appears in both frames. I can login to one, hit back and then go back into the console but that is a pain in the butt and could be confusing for future users. Does anyone have a way I can modify either the security setup or something in the web-console deployment to make the login.html page appears as one page and upon successful login, move to the two fram web-console? Thanks.