I am using a Filter to do some URL rewriting. In the filter, I accept a url like:
/user/x/resource/y [1] and convert it to /resource/y?user=x [2] In the Filter, I create a RequestDispatcher using the new url, and then call forward(). The servlet setup to handle "/resource" is set up for Basic authentication in web.xml. It works fine when calling the resource directly, that is, using url [2]. The servlet is called and the authentication works. However, when requesting through the filter using url [1] via POST (which is converted to [2]) the authentication appears to be unavailable to the servlet. That is, Tomcat is obviously authenticating correctly because it is getting to the servlet's doPost() method, but when I call Principal principal = request.getUserPrincipal(); inside of doPost(), "principal" is equal to null. It's as if the Filtering process is somehow clearing the Principal value out of the HttpServletRequest object even though it has been authenticated. Oddly, this works fine with GET; the url rewriting is done correctly, and calling getUserPrincipal() returns a value that contains the username. Am I doing something wrong? Is this a known bug or has any one else seen this problem? Thanks. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>