Just to wrap this topic up for the benefit of other people that may need to know this sort of thing. Here's how I solved my issues:
1) For authenticating via a Java client using commons httpclient you attempt to access a secured resource first and then post to the j_security_check servlet. You then follow the redirect that is returned at this point. 2) For authenticating via Javascript or in my case some JSP page you follow the same path as #1, whereby you attempt to access a secured resource before posting to j_security_check. bstansberry's comment about the AJAX stuff got me past the point that to complete the process you have to make sure the JSESSIONID cookie is retrieved and added to your current session (thank you for that) Now works like a charm, thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905128#3905128 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3905128 ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
