j_security_check redirect

Question

I am learning Java servlets on Tomcat environment. I am learning how to use form based login authentication using j_security_check. So, in my servlet, I have a login page th

Answer 1

The behavior of form-based authentication is the following:

• the browser sends a request to a protected URL
• the server intercepts its request, sees that you're not authenticated, and redirects to the loginf form page
• the user logs in
• the server redirects to the URL that triggered the authentication: the protected URL asked in the first step.

This is good, because it allows a user to bookmark a protected page, come back the next day to this bookmarked page, log in, and go directly to the bookmarked page rather than the welcome page.

My guess is that the landing page is not protected, but its CSS file is. So the request that triggers the authenticationis the request that tries to load the CSS file, which causes the user to be redirected to the CSS file.