what is the error you are getting and please post the stack trace
Thanks for your response.
You either get a 400 or 404 HTTP error code and as I understand from reading other posts this is because you aren't allowed to access the login page or j_security_check directly. You must access a secured resource and let the normal j2ee mechanics redirect you to the login page.
So knowing this, I have managed to get automatic login to work using the commons httpclient API. In fact, there are some JBoss testcases that do this already.
Form auth cannot be triggered by an arbitrary post. It has to be done in response to the container challenging a request to a secured resource in the context of a newly created session.
The key point was the session cookie that the browser already had was automatically presented back to the server along with any call we made using XMLHttpRequest -- we didn't have to do anything.
Just to wrap this topic up for the benefit of other people that may need to know this sort of thing. Here's how I solved my issues:
1) For authenticating via a Java client using commons httpclient you attempt to access a secured resource first and then post to the j_security_check servlet. You then follow the redirect that is returned at this point.
Now works like a charm, thanks
I have been trying to implment option (using Ajax) without success. Do you have some reference code I could look into.
I searched during long time for trick to break down this JBOSS J_Security_Check mechanism,
please is someone having some solution ?