I was debugging further and observed that the savedRequestURL from the org.jboss.web.tomcat.tc4.authenticator.FormAuthenticator was null.
For the first j_security_check, the user was succesfully redirected to the secured web page. But on subsequent logins, the savedRequestURL is returning null.
Does anyone know a fix for this?
I did not get a response for the j_security_check problem. I fixed the problem by changing the org.jboss.web.tomcat.tc4.authenticator.FormAuthenticator in tomcat to get the j_uri parameter from the request object when the savedRequestURI is null. I made a request to apache to have it fixed and was told that it worked with vanilla Tomcat and is therefore a JBoss issue.
Since 3.2.5 is using an obsolete version of tomcat, I can't very well tell what version is supposed to work correctly. What is the tomcat bug that states it functions correctly?
The bug appears to be on JBoss 3.2.7 as well. The request was placed with apache under http://issues.apache.org/bugzilla/show_bug.cgi?id=36108.
There is an option with resin to use the j_uri parameter as the uri to redirect to on successful authentication (refer to http://www.novatoyouthsoccer.org:8080/resin-doc/security/authentication.xtp under Configuration -> j_security_check Parameters)
I wish jboss could have a similar option to overcome the bug.