I am building a small application running on a Jboss server (jboss-4.0.0), that is utilizing form-based container managed security. Users access this application via a link on their portal page (that is not part of the jboss environment). Users have already been authenticated when they reach this portal page and the end user does not want to have to re-enter user-id or password on the login page.
The portal page is going to post the j_username and j_password information to a url, but I can't seem to find a way to get it accepted. I know you are not supposed to call the loginServlet directly, but has anyone found a way to get past this so that you can call the login servlet from outside the app server? I get the message: The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
You cannot post directory to the form login page. This is used by the web container only when the it determines there is an unauthenticated session. To have seemless integration with other security contexts you need to look into sso configurations. Check the wiki: