The j_security_check target is not usable as a target url. Its only to be used by the web container when someone accesses secure content that is protected using FORM authentication.
Please forgive me, but I may be confused. If we don't access j_security_check directly, how do we pass the username/password to the server in form-based authentication? According to Sun:
The content of the login form in an HTML page, JSP page, or servlet for a
login page should be as follows:
< form method="POST" action="j_security_check" >
< input type="text" name= "j_username" >
< input type="password" name= "j_password" >
I want to add one more point.
We are able to access secure resource successfully before accessing j_security_check. Even then it is not storing the cookies.
I trying to find the solution with the same issue. Do you have solution available?