I've got a web application, deployed on GlassFish 3.0.1, which is using container managed security. It's a simple, standard form based implementation using j_security_check against a JDBCRealm. Everything to do with securing the application is fine (and I can't believe I've rolled my own security systems in the past).
What I can't seem to figure out though is how to deal with the case where a user enters the wrong password. My "loginFailed.xhtml" page is shown correctly but I would like to then just direct the user back to the login page (via a link or automatically) to try again.
When I've tried this the link back to the login.xhtml page works fine but the security system appears to have forgotten where it's trying to send the user after they have authenticated. When the user does correctly authenticate an exception is raised because the system tries to load a page that doesn't exist (some mangled version of the login page URL).
I suppose I could direct the user back to the home page and let them try again from there but I've not seen an application with that much of a kludge for long time. All ideas and help gratefully received...