No, this is the expected behavior. A filter initiated login does nothing for the security context in terms of subsequent web requests. It simply establishes the security context for other calls into the app server. You need to use the servlet declarative security model using the web.xml descriptor if you want getUserPrincipal, and isUserInRole calls to work in the web tier.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3848811#3848811 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3848811 ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development