This is caused by directly refering to the login URL. Instead, you should go to a protected resource, such as Main.jsp. If login is required, this will redirect you to the login page. The "j_security_check" URL is a kind of temporary resource that only exists.if the tomcat decided that the login page should be shown.
For example -
if the protected resource is main.jsp
Then you should not specify the login.jsp in <welcome-file-list> in web.xml, instead you should specify the main.jsp.