Lance suggested a while back that I try Roller's BreadCrumbFilter to get the originally requested URL for form-based authentication. The idea is that if you can get this URL, you can use it to login again on your form-login-error page. So I added
BreadCrumbFilter.java to my security project and mapped it to /*. The value I'm hoping to grab is a URL to welcome.do, since that is where I route users when the hit the welcome page. I found that this filter never gives me welcome.do, but that
request.getHeader("referer"); gives it to me just fine - but only in IE. Yeck. I guess Craig was right when he said that you can't reliably get the original URL. I guess you can always just hard-code the action in your form-error-page to go to your main menu. That is, if your app server doesn't support the same page thing.