Inner forward to the custom login page so the original URL stays in the browser. 3. Submit the login via j_security_check. (lets say the password was incorrect in .