With form based security:
1 - the unauthenticated user requests a secured resource (I called it the destination location)
2 - The container redirects them to the login screen, which posts to j_security_check
3 - If this passes, the container sends them to the destination.
In my first example, you can plug step 2 directly into the front page, but once they login the container doesn't know where to redirect.
For your second question about other ways, yes there are other security mechanisms besides form based. In my second example, you can still use form based authentication and a login on the front page, but you post to your own form rather than the j_security_check. Now you have the user's name and password in your
servlet but you need to authenticate them with the container. Some containers provide a way to pass the usrename and password directly, but it is different in each container. After this, you can redirect them anywhere you want.