No. A custom authenticator or valve is required. Its an ambiguous aspect of the servlet spec as to whether filters should be engaged in authorization paths and currently tomcat treats filters as application level components that apply after the standard security checks.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3874480#3874480 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3874480 ------------------------------------------------------- This SF.Net email is sponsored by: New Crystal Reports XI. Version 11 adds new functionality designed to reduce time involved in creating, integrating, and deploying reporting solutions. Free runtime info, new features, or free trial, at: http://www.businessobjects.com/devxi/728 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user