Here is some web sites for you to read - http://docs.oracle.com/javaee/1.4/tutorial/doc/Security5.html and http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html
Basically in the gwt-console-server the rest services is expost and use form base authentications - so what happen is that you have called a secure web pages, and are redirected to a page to ask you your user credentials -
The authentication screen ask you to do a http "Post" on the submit to the j_security_check ( with the post you are forced to pass the j_username and j_password variables as parameters - in a get the call would habe looked something like this
http://localhost:8080/gwt-console-server/rs/process/j_security_check?j_username=admin&j_password=admin
you have to do this with on the same httpclient otherwise you will get a timeout.
S#o all Form base pages will have this behaviour..
in my code it look something like this
String secUrl = _jbpmRest+"/process/j_security_check";
logger.info("start sec url:------>"+secUrl+"\n\n\n\n");content = authenticate(secUrl, _userId , _password);
_jbpmRest is the offset to http://localhost:8080/gwt-consoel-server/rs - this is not hard coded for obvious reasons
Basically if you are autheticated in a httpclient session then that authentication will be valid for the life of the session
_userid, and _password is the authentication credential for the user I am logged in as....
I know that you want to get started and build some workflows, but I can suggest that get a good grounding in j2ee web applications and there are a range of free internet resources available to get started like the pages I suggest earlier. Or you can join Safari online and enjoy some of the online books they have available
I hope this help. .