i figured it out.
first, i had to go thru some channels to get approval to install a sniffer. once done, i found the HTTP response was being redirected to the SSL version of the URL. our JBoss 4.0.4 installation requires SSL; the JBoss 4.0.5 installation does not. a simple change to our WAR web.xml to change <transport-guarantee> from CONFIDENTIAL to NONE solved the problem. i now get the login screen.