Hello there! This is a simple one: We have a custom login module, after user is authenticated we use a Filter to add new information to the user's session. My question is, the thread used by the j_security_check is the same for the entire process? j_security_check -> login_module -> filter -> index.jsp?
Best regards
Servlet filters do not participate in authentication decisions. You need to use a tomcat valve to do this.
http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves