THE PROBLEM: FORM based authentication is not working when the login form is submitted from a JSF/XHTML page, but it does when the form is submitted from a JSP page.

DESCRIPTION: The security realm and domain are configured with a "Database" login module, the security contraint is defined in the web.xml of the project / WAR and the authentication method is set to FORM in web.xml. The login and error pages are set also in web.xml.

We have two test cases:

     A.: The login page is a JSP page (bellow) -> the authantication is working fine

<html><head><title>Login Page</title></head>

    <body>

        <font size='5' color='blue'>Please Login</font><hr>

        <form action='j_security_check' method='post'>

            <table>

                 <tr>

                    <td>Name:</td>

                    <td>

                        <input type='text' name='j_username'>

                    </td>

                </tr>

                <tr>

                    <td>Password:</td>

                    <td>

                        <input type='password' name='j_password' size='8'>

                    </td>

                 </tr>

            </table>

            <br>

            <input type='submit' value='login'>

        </form>

    </body>

</html>

     B.: The login page is a JSF page (bellow) -> the authentication is not working, the browser gets redirected to the login page after each attempt and in the log I get the message: "authentication failed test()a".

     The template in the apge bellow is the template generated in a standard RichFaces project created with JB Tools in Eclipse. In any case, even with a XHTML page that does not have templates the behavior is the same.

<!DOCTYPE html>

<html lang="en">

<ui:composition template="/WEB-INF/templates/desktop.xhtml" xmlns:ui="http://java.sun.com/jsf/facelets"

    xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:a4j="http://richfaces.org/a4j"

    xmlns:rich="http://richfaces.org/rich" xmlns:my="http://java.sun.com/jsf/composite/components">

    <ui:define name="content">

        <h:messages />

        <h:form id="loginForm" method="post" action="j_security_check">

            <h:panelGrid id="panel" columns="2" border="0">

                <f:facet name="header">

                    <h:outputText value="Login" />

                </f:facet>

                <h:outputLabel value="User" />

                <input type="text" name="j_username" size="25" />

                <h:outputLabel value="Password" />

                <input type="password" size="15" name="j_password" />

                <f:facet name="footer">

                    <h:panelGroup style="display:block; text-align:center">

                        <input type="submit" value="Log In" />

                    </h:panelGroup>

                </f:facet>

            </h:panelGrid>

        </h:form>

    </ui:define>

</ui:composition>

</html>

Is this a known limitation or some sort of bug?