As per the servlet spec (2.3/2.4) the servlet filters will be executed only
if the authentication succeeds. So what you are trying to do will not
work. Workaround: use AuthFilters.

http://e-docs.bea.com/wls/docs81/jav...uthFilter.html

In the next release AuthFilters are going to be replaced with a more
generic mechanism.

Also the next version of servlet spec (one after 2.4) might have a way
to specify filters will be executed before the authentication phase. This
is still being discussed.

--Vinod.



"Benoit" wrote in message
news:3f570b89@newsgroups.bea.com...
>
> Hello,
> I should apply a servlet filter on a Secured Page.
>
> Pages are secured via CLIENT-CERT.
> The filter tests if the user is authenticated, if no, the request is

redirected
> elsewhere.
>
> But security is performed before filter and the 401 (Unauthorize error)

appears
> !
>
> How can I apply the filter before security ?
>
> Thanks in advance.