You cannot call j_security_check directly and expect it to work. That mechanism belongs to the application server (Tomcat), and the required context only exists when Tomcat itself feels the need to present the login page. That is, when you submit a security-restricted URL (as defined in web.xml).
I heartily discourage putting any sort of menu on a login page. The act of selecting from a menu is also the act of sending a web request, which means that the user is attempting to short-circuit the login, since you can't do 2 submits at the same time (menu and login form). So, if you'd actually succeeded, you'd have an insecure application where people could hack their way past the login. Though that would also indicate a security bug in Tomcat, and no such bug is known to exist, so either you'd have access denied or the menu operation would not be performed, depending on how you coded the page.
Customer surveys are for companies who didn't pay proper attention to begin with.
First, I would like to thank you for your suggestions.
Sooner or later I came to understand that the "error" that occurs in my web app with JSP pages that contain Flash (not necessarily a Flash menu, but also some other Flash files used to make my web app "nicer") really causes wayward behavior in those JSP pages.
But later, from another person's advice, I realized that this happens when Flash files are included in protected folders.
Then, I removed those flash files out of the protected folder, and everything worked OK.
Thank you again for the advice about security on my web app!
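
The thread ties the login trouble to Flash files sitting under a URL that web.xml restricts. The following check is an added example, not code from either poster: it reads the `security-constraint` patterns from a descriptor and flags any asset a login page embeds that falls under them. The descriptor, paths and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread); paths and role are assumptions.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>members</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
      <url-pattern>*.swf</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without an XML namespace

def matches(pattern, path):
    """Servlet url-pattern rules: exact, '/prefix/*', '*.ext', or '/' (default)."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path

def protected_patterns(web_xml):
    """url-patterns of every security-constraint that carries an auth-constraint."""
    out = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc) == "security-constraint" and any(local(c) == "auth-constraint" for c in sc):
            out += [(e.text or "").strip() for e in sc.iter() if local(e) == "url-pattern"]
    return out

def flag_assets(web_xml, assets):
    """(asset, pattern) pairs for assets that require a login before they load."""
    pats = protected_patterns(web_xml)
    return [(a, p) for a in assets for p in pats if matches(p, a)]

if __name__ == "__main__":
    # Assets a login page might embed (hypothetical paths).
    for a, p in flag_assets(WEB_XML, ["/secure/menu.swf", "/static/logo.png"]):
        print(f"{a} is covered by {p}: serve it from an unprotected path")
```
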