Check here for a sample that does exactly what you need.
You can download sources and check for differences with your app.
Cool, thanks. I'll check it out. I think I might have figured out my problem though. If the user authentication failed in the login() method, I was returning false, but I wasn't throwing a new LoginException which is apparently what triggers abort() being called and the appropriate actions being taken to redirect the user to the form-error-page. It's still not clear to me if this is the correct course of action since it's not clear in the specs, but it seems to work.