I'm not really sure what you are doing with the filter. Why are you using a filter? For a FORM based login, you just need to provide your login page with the appropriate action. What are the contents of your login page?
Thanks for your reply Jai.
Actually, the problem is not with the filter. But, with the j_security_check action itself. For your information, I'm performing some basic checks if password expired/ password re-set by the admin (if so, I redirect to 'Change Password' page) and so on. I'm not getting my head around of why on earth the login works only for the first time? If its application cache problem, then I'm using
attribute in <security-domain> element of jboss-web.xml.
I believe it could be browser's cache as if I open new browser and try login, it always works. I suppose this feature of login is a basic requirement for any form based security enabled web application running in Jboss.
Well, I got the solution myself. It has nothing to do with j_security_check at all but with "servletPath"!
After a meticulous debug of my code and imagining how would the second request object has been different from first, I realized in my second attempt after logout, I'm redirecting to login page! But, how would the server know where to go after successful login? So, I changed that to redirect to a protected home page which I wanted to see after login and now every works as expected. If anyone's already looking into the problem, apologies for grabbing their time but I hope this post would be useful for other similar problems.
I am also facing the same problem.
When first time login application is working fine, after session time out(after 15 min), when try to login again the application displays 404 error and if I click on the any other link, system shows the logged in details.
The below entries are from web.xml. Please advise.