I'm trying to create a simple application, that uses container based form authentization (Tomcat 7 + Active Directory). I'm reusing my login page also for retries on failed attempts. It works just fine, except that on retry the j_security_check appears in the URL.
Here is the relevant part of my application WEB-INF/web.xml:
This is login.jsp:
When the user login fails, the login form is displayed again (with the error message), which is wanted behaviour, but the URL becomes /myapp/j_security_check instead of /myapp/, which is what user initially sees when login form displays for the first time. Is there a way to get the behaviour I want without exposing the j_security_check?