I'm using a custom DatabaseServerLoginModule. Is this best solution to just override the behavior and force my loginmodule to only redirect users to one place?
Never mind. I wrote some code to dump all the request attributes and headers and found it:
I now see the problem. My site is secured on roles that correspond to directories. If the user just bookmarks my login.jsp or login.html page, I would have to have a way to know what their role is even if I could alter these request attributes. The real solution will be to dump them to an intermediate page that makes them click on a link appropriate from their role. Then the container should have no problems.