I want to send request to j_security_check from servlet and get auth cookie from response. Code:

String url = "http://someserver:8080/j_security_check?j_username=user&j_password=qwerty";
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();

If I put wrong auth parameters then on response I get a default wrong-login page, but if I put right auth parameters I got server code 408. What's wrong?

To get some resource on the tomcat server with j_security_check auth it is necessary to implement three steps:

1. Send GET request to the needed private resource, in response you get a cookie (Header "Set cookie".
2. Send request with cookie (from step 1) to the j_security_check. On response you should get code 302 - "Moved Temporarily".
3. Now you can repeat request to the private resource with same cookie, on responce you get needed resource data.