I am having a problem posting credentials to j_security_check for
form-based authentication.
It seems that tomcat expects that I already have a session established
before posting the username and password. If I don't already have a
JSESSIONID cookie, j_security_check returns a 408. Unfortunately, I
have another application attempting to talk to this one that requires
that the first thing it does is post credentials to the
j_security_check, so I have no mechanism of hitting another page first
to establish a session.
This mechanism worked fine with BEA Weblogic, but it seems that tomcat's
handling of j_security_check is different. Does anyone know of any
options to modify the behavior of j_security_check so that it would just
do the authentication and establish the session in one shot at the time
of the POST request?
Thanks,
Paul
