In Tomcat, this is not possible. It is just how j_security_check was made in Tomcat. If you start from the login page directly, chances are once you hit the submit button, you will get an error since the correct way is to start from a protected resource. If you want to automate the login process, you can do so with a combination of querystrings to the login page. Once the login page sees those querystrings, you can redirect it to the protected resource so that the login page will be called again. Then, you can manually call within the login page, the j_security_check URL together with the username and password parameter and their values. See sample URL below.