We have created a login page for use with form based authentication using Tomcat. As specified the form action is "j_security_check". Using this, the login page is displayed whenever the user access a protected area of the application, the user can successfully log in and the requested page is shown.
The problem we are having is figuing out how to just show the login form ourselves (for example, by the user specifically clicking on a "login" menu option). Tomcat does not seem to support the use of j_security_check in this mode of operation. We've also tried to handle for form ourselves and then redirect to j_security_check but again with success.
One simple way would be a protected "login" page, that all it does is forward to a real page, once accessed. I have not actually done this, but I plan to do it soon, and that is how I was thinking of doing it.
When user clicks 'login' you can just send him to a 'home' protected page - this request will be intercepted and login page will popup.