With AJAX is super simple. I use DWR usually, but that doesn't make sense for this. So in this situation, I use Prototype like so:
var url = '/some/protected/url';
new Ajax.Request(url,{
method: 'get',
onSuccess: function(trans) {
// submit a POST request to j_security_check
}
});
Without Ajax you need to do something with the effect of:
1) poke a member protected resource with a stick, then
2) Send a request to j_security_check with params for j_username and j_password
Normally, the user is sent to the login page by trying to access a protected resource. Since you don't want to send the user to a login page, and don't want to leave the page at all, you need to fake the user's action by hitting the protected resource in the background. That way you're free to submit the security auth request also in the background so the user never sees it.
[Message sent by forum member 'rwillie6' (rwillie6)]
http://forums.java.net/jive/thread.jspa?messageID=246973