As per the servlet spec (2.3/2.4) the servlet filters will be executed only
if the authentication succeeds. So what you are trying to do will not
work. Workaround: use AuthFilters.

In the next release AuthFilters are going to be replaced with a more
generic mechanism.

Also the next version of servlet spec (one after 2.4) might have a way
to specify filters will be executed before the authentication phase. This
is still being discussed.


"Benoit" wrote in message
> Hello,
> I should apply a servlet filter on a Secured Page.
> Pages are secured via CLIENT-CERT.
> The filter tests if the user is authenticated, if no, the request is

> elsewhere.
> But security is performed before filter and the 401 (Unauthorize error)

> !
> How can I apply the filter before security ?
> Thanks in advance.