The approach implemented here - Java Servlet Filter-based authentication - involves a fundamental problem: it does no longer work once you start specifying <auth-constraint>s in your web.xml. The reason is that the container processes security constraints first, before it processes filters.
(This issue was created to make people aware of that rather than that this issue should be fixed.)
The approach implemented here - Java Servlet Filter-based authentication - involves a fundamental problem: it does no longer work once you start specifying
<auth-constraint>s in yourweb.xml. The reason is that the container processes security constraints first, before it processes filters.(This issue was created to make people aware of that rather than that this issue should be fixed.)