I configured my application to use JAAS with FORM based authentication. It seems to work well enough. Attempting to access a protected page prior to logging in causes the login page to display. The requested page then displays, assuming you logged in as a user with the required role.
What is not clear is how to login directly from my application's home page. Registered users and visitors both have the same public splash page. New users have a "register" link; existing users get username/password inputs. Therein lies the problem: what would the form action be?
AFAIK j_security_check cannot be called directly. It wants to intercept calls to secure resources, authenticate the user then forward them on.
As a temporary workaround (pending a solution) I can have a "Members" link on the public home page. Clicking that will trigger the login page if the user is not already logged in.
According to the 2.4 servlet specification the login form will only be invoked on an attempt to access a secured resource. Direct login is not supported.
What I need is a companion to j_security_check that allows me to directly login a user rather than wait for that user to access a secure resource.
My dream method: