I have a J2EE webapp which uses standard FORM-based authentication, using a login.jsp page, which works okay, apart from a couple of glitches:
If username/password are incorrect, the login error page auto-redirects back to login.jsp, but unfortunately "j_security_check" then appears at the end of the URL - which I know is sub-optimal.
Intermittent 408 errors on log-in, which I guess is due to unwanted caching.
However, I now need to do 2 new things:
Log a user in from a different style log-in form embedded in another page, not the log-in page, ideally by making an Ajax request.
In some circumstances, auto-login the user as "guest", so that I can control user's access to resources based on the application's own internal security model.
In summary: is there a best-practice way of interacting with the J2EE j_security_check functionality via Ajax, to provide more flexibility in logging-in?
( I haven't supplied code or config snippets as I'm after a general approach rather than a fix to a specific problem )