I had this problem too for a while.
This is because you have to hit some page in your protected domain and have the server re-route you to the login page. You cannot just hit the login page directly and go from there. Hitting the back button takes you to the login page, but without being re-routed. I don't know why this is, but it's the only answer I've found.
Thanks for your reply.
In fact, I ever tried this same application under JBoss 2.4.4 and it works very good.
I cann't find any solution for this question, I really need your help now. I use JBoss3.0-Tomcat4.03.