well, it's not necessary to put the username and password in the url. i can put it in a form and then post it with "POST" method. of course i can use my normal login page but, the problem is, the login page is on another server, and that server will redirect the browser, together with the username and password to another server, which handle the authentication.
i found 1 way to get around it. i just create another
jsp page and then use request.getParameter to get the username and password and store it in the session variable. and that, i use response.sendRedirect to redirect the browser to some restricted realm on the server and of course because of this, tomcat will redirect the normal login page. but, in the login page, i'll get the username and password from the session variable, and if theres any, i just use response.sendRedirect to redirect the login page to j_security_check, together with the username and password. if authenticated, tomcat will redirect me back to the original page...
the problem is, it seem quiete messy.
i hope there's a cleaner way to do this....
anyway,
thanks...
cheers.....