I have never see this done in a platform neutral way, but typically you do not access the j_security_check, you just call a 'login module' on the server side and pass the credentials. I'm not sure how to do it in Tomcat, but in Websphere you use the SSOAuthenticator
Joined: Aug 26, 2003
(Reply to David O'Meara) You are right. We did it in that way.
The problem is when a user has just registered. In that case we don't want him to go to the login screen and type his password again. After the registration the user is directly forwarded to the protected area. Therefore our idea was to simulate the login screen with a servlet.
subject: call j_security_check from within a servlet