Presently FORM based authentication does not allow developers to provide common functionality such as 'remember me' cookies, transparent authentication (from request attributes), and login failure error messages (somewhat addressed by ExtendedFormAuthenticator)
These can be accomplished by extending the existing functionality (FormAuthenticator); unfortunately, the FormAuthenticator that ships w/ JBoss 4.0.3 does not have the necessary hooks for this.
The attached code (auth.zip) demonstrates how we accomplished this; the primary change is in BaseCustomFormAuthenticator, with the addition of:
1) getUserCredentials method that looks for user credentials in the request (remember me cookie, IP address, query string, etc.)
2) getCredentialsFromFormFields that pulls credentials from j_username and j_password - can be extended to pull other attributes as well
3) Addition of onFailedAuthentication hook to allow for inserting authentication exceptions into request scope
4) Addition of inlineAuthentication flag (set if credentials are found in request) to prevent restoring original request (in the case of inline auth, this is the original request)
The default implementation matches existing behaviour; see ChoicesFormAuthenticator for an example of how behaviour can be extended.