After many stressful hours I have worked out that j_security_check is a load of old horse dung and should not be used in a production environment.
My main gripe is that you can not use a filter to extract the username and password and store them in a session object. This is a WOEFULL oversight. Authentication using form-based login and j_security_check is handled effortlessly by glassfish. However what happens if you then want to greet the user after she has successfully logged in? How can you then extract the j_username value and store it in a session object for future reference?
There must be a better way of authenticating. please put me out of my misery and point me in the correct direction.
One of those moments when the beauty of Glassfish is stained because of what can surely only be a horrendous oversight.
[Message sent by forum member 'hughacland' (hughacland)]
http://forums.java.net/jive/thread.jspa?messageID=271709