2 questions/problems about Form-based login

Hello.
I am using WebSphere AE and AAT. I have set up my application to show my own login-screen when the user ask for a protected URL. This login-form shows up ok.
1)
The problem is that when I push "submit" I get a blank screen on my browser with the following URL:
"http://oemcomputer:9080/j_security_check?j_username=Admin&j_password=*******&action=Login"
(The password is of course another value .....)
It seems like I don't get in touch with the Websphere servlet FormLoginServlet.
==> Should I do any kind of definition on this servlet ? I guess that this servlet is a standard websphere servlet and not a servlet I am supposed to make myself ?
2)
When I solve 1) above I suppose that websphere gives me the URL-page that I asked for (and is protected). I would need to retrieve the userid I put into my login-form. If the FormLoginServlet is a standard websphere servlet, then I can not manipulate it to add the userid to i.ex the request or an session-variable.
==> How can I bring this userid to my application ?
Some additional informastion:
a)
The login-form is supposed to be verified againt the Local OS.
b)
My login-form (method: Form based login) looks like this:
&It;HTML>
&It;head>
&It;LINK rel="stylesheet" href="/termin/brukerhandbok/termin.css">
&It;/head>
&It;BODY BGCOLOR=#C0C0C0 class=FieldBox>
&It;FieldSet>
&It;td width="100%">
&It;tr bgcolor="#cccccc">
&It;FORM
&It;METHOD="post" ACTION="j_security_check">
&It;FONT class=Heading> P�logging &It;/FONT>
&It;BR>
&It;table align=justify>
&It;tr class=FieldBox>
&It;td class=FieldLabel>Brukerident &It;/td>
&It;td class=FieldInput>
&It;INPUT TYPE="text" NAME="j_username" Value="" SIZE="10" MAXLENGTH="25" >
&It;/td>
&It;/tr>
&It;tr class=FieldBox>
&It;td class=FieldLabel>Passord &It;/td>
&It;td class=FieldInput>
&It;INPUT TYPE="password" NAME="j_password" Value="" SIZE="10" MAXLENGTH="25" >
&It;/td>
&It;/tr>
&It;tr class=FieldBox>
&It;/table>
&It;BR>
  &It;INPUT TYPE="submit" class=Button NAME="action" VALUE="Login">
&It;/FORM>
&It;/BODY>
&It;/HTML>

Just some clues here as I am not sure to fully understand your problems.
1) You must not call the login page directy but instead a protected page of your application. Then WAS will redirect to the login page and once the logon completed, you'll be redirected to the protected page you formaly asked for (called WasReqUrl).
If you try to go directly to the login page, then *WasReqUrl* is left blank, thus you will obtain a blank page after authentication as websphere does not know where to redirect you to.
Your browser also have to accept cookies as the WasReqUrl is... a cookie.
(When I see your URL, I guess you do not allow cookies for session management but URLRewritting instead)
2) getRemoteUser() and getUserPrincipal() should help you.
With WebSphere, you can only obtain this information from a protected resource. Otherwise, it will retun NULL.
(I hope this is a little bit clear )

1)
I know that I have to type the URL of the protected page and not the URL of the login-page.
I have checked WAS in the "Session Manager Service"-panel for my Default-Server in node OEMCOMPUTER. The panel says that I have checked the box for "Enabling Cookies", and I have not checked the box for "Enable URL rewriting".
In the browser (Explorer) in the folder for Security I have activated Cookies for all 4 types of connections.
==> I would be thankful for more input on this problem.
2)
Looks like your answer can solve my problem here. I guess I can't try it out before 1) is solved.
Thanks.
I appriciate your answers so far, and if you or anybody else have more suggestions I would be thankful.

Hi Erik,
For problem number 1, maybe you can use the tracefiles to obtain further information about what occur.
Any logs in the native.logs ?
Any errors in the tracefile ?
Any entries in the stdout & stderr ?
Moreover, could you activate the cookie prompt feature on your browser. So you'll be able to see the cookies received and their values

Please check for the following ...
eFix (APAR): PQ56667
Status: eFix
For Release: WebSphere 4.0.2
For Operating System: all
CMVC defect: PQ56667
Required eFixes: NONE
Include eFixes:
117071: abstract ISEL- sendRedirect not add last / servlet mapping like /test/*

Byte size of APAR: 869,844 bytes
Date: 1/24/2002
Abstract: AFTER APPLYING PQ51545 WAS DOES NOT CONSTRUCT URIS PROPERLY WITH SECURITY ON.
Description/symptom of problem:
The application of PQ51545 on WAS 4.0.1 or the use of the
parameter to set behavior of absolute or relative URIs for FormLogin in
WAS 4.0.2 does not work properly with WAS global security
on.
Implement setting com.ibm.websphere.sendredirect.compliance = [ 1 / true (case insenstive)]
all other values will be considered false and this setting will be ignored.
Directions to apply efix:
1) Create temporary "efix" directory to store the jar file:
AIX: /tmp/WebSphere/efix
Solaris/Linux: /tmp/WebSphere/efix
Windows: c:\temp\WebSphere\efix
2) Copy jar file to the directory
3) Shutdown WebSphere
4) Run the jar file with the following command answering questions/prompts as they appear:
java -jar <jarfile name>
5) Restart WebSphere
6) The temp directory may be removed but the jar file should be saved. Do not remove
any files created and stored in the <WASHOME>/WebSphere/AppServer/efix/<efix> directories.
These files are required if an efix is to be removed.

Directions to remove an efix:
NOTE: EFIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED. DO NOT REMOVE AN EFIX UNLESS
ALL EFIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED. YOU MAY REAPPLY ANY REMOVED EFIX.
Example: If your system has efix1, efix2, and efix3 applied in that order and efix2 is to be
removed, efix3 must be removed first, efix2 removed, and efix3 re-applied.

1) Change directory to the efix location (<WASHOME>/WebSphere/AppServer/efix/PQ56667).
2) Shutdown WebSphere
3) Run the backup jar file with the following command:
java -jar PQ56667_ver2_Test_AEServer_AEsServer.jar
4) Restart WebSphere
5) To enable view the additional information provided below.

Directions to re-apply an efix:
Follow the instructions for applying an efix. If the backup files still exist (from the
previous efix application), you will be prompted to overwrite. Answer "yes" at the overwrite
prompts.