J2EE container security doesn't work quite like that, and neither do Tomcat URLs. In Tomcat, the "application" part of the URL is properly known as the application context. Since a Tomcat server can host multiple applications, that part of the URL tells Tomcat which application to route requests to.
The only way to avoid having the "application" in the URL, is to deploy the webapp under the Root context, which has the "application" of "/". However, that would be a separate application from an application deployed under a context such as "myappname", and since 2 applications cannot communicate directly, having a login page under the root context wouldn't help the "myappname" context.
That's part of your problem.
The other part is your login page. In J2EE, you cannot route to the login and loginfail pages directly. Those pages are not processed in the usual way by the webapp, so attempting to specify "j_security_check" on a user-submitted page will fail.
What actually happens is that if Tomcat sees a request for a secured URL, it will sideline that request, look in the web.xml for the login page location, and send back the login page to the user. The user then submits the form on that page and Tomcat itself (NOT the application) processes the j_security_check. The application never actually sees the login happen.
If you want some really down-and-dirty details on how the whole process works, look back in this forum to about the middle of last week and you'll find a thread where I outlined the process more completely.
An IDE is no substitute for an Intelligent Developer.
Joined: Feb 21, 2011
A very clear explanation.
As i read your text about that application-context-name, it sounds pretty logic with that multi-hosted tomcat application (what i also was intended to do).
I never directly link to those login/error_login pages.
In the web.xml i have indeed only that <security-constraint> element that point to my admin-folder and uses those login-pages.
Also I didn't know that only tomcat (not the application) handles that request. Learned something there, but sounds also logic!
This is what i was thinking about now:
Is it not in someway possible to change the URL from my apache httpd proxy config-file.
I read some information about URL rewriting, but not sure if that is going to work.
Is this last the right way of working or is it then even better to use a framework like Apache Shiro?
I'm not totally sure I understood that, but the actual URL for the login form is the property of Tomcat and isn't something you are entitled to change.
If you're using a proxy URL, the translated URL does have to retain the context ID of the webapp just like normal webapp URLs do. You cannot have a different context for the login than for the application.
While it's possible you may be able to finagle something, solutions like that have a bad habit of breaking down at the most inconvenient time (Murphy's Law), so I don't recommend trying to out-clever it.