Erro ao utilizar JAAS não consigo autenticar o usuario e senha ?Invalid direct reference to

Olá,

ao digitar o usuário e senha correto (valida via banco) ao clicar no botão Login aparece a mensagem de erro abaixo e não chama a pagina home.jsp:

HTTP Status 400 - Invalid direct reference to form login page

type Status report

message Invalid direct reference to form login page

description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).
Apache Tomcat/7.0.4

login.jsp

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html lang="pt-br">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>.:: Autenticação ::.</title>

</head>
<body>

<!-- form method="POST" action="<%= response.encodeURL("j_security_check") %>"  -->

<form method="POST" action="<%= response.encodeURL("j_security_check") %>" >
<fieldset title="Informe login e senha">
<legend>Login</legend>

<label for="j_username">Login:</label>
&lt;input type="text" name="j_username" class="textBox"/&gt;<br/>

&lt;label for="j_password"&gt;Senha:&lt;/label&gt;
&lt;input type="password" name="j_password" class="textBox"/&gt;<br/>

&lt;/fieldset&gt;
<p >
&lt;input type="submit" value="Log In"/&gt;
</p>
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	id="WebApp_ID" version="2.5">
	<display-name>SecurityJdbc</display-name>
	<welcome-file-list>
		<welcome-file>login.jsp</welcome-file>
	</welcome-file-list>


	<!-- Configuração do DataSource. -->
	<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
	<resource-ref>
		<description>Web Database</description>
		<res-ref-name>jdbc/stripessec</res-ref-name>
		<res-type>javax.sql.DataSource</res-type>
		<res-auth>Container</res-auth>
	</resource-ref>

	<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
	<!-- Configuração da autenticação e autorização. -->
	<!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
	<security-constraint>
		<display-name>Área Restrita</display-name>
		<web-resource-collection>
			<web-resource-name>Arquivos protegidos por login</web-resource-name>
			<url-pattern>/jsp/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>systemuser</role-name>
		</auth-constraint>
	</security-constraint>
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>StripesSecRealm</realm-name>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/error.jsp</form-error-page>
		</form-login-config>
	</login-config>
	<security-role>
		<role-name>systemuser</role-name>
	</security-role>
  
</web-app>