I am using Jboss 4. I have configured to use the DatabaseServerLoginModule(Jboss ogin module) to do the authentication and authorisation. I have written a ServletFilter to intercept all the requests to my webapp. But I have noticed that requests from unauthenticated users to protected resources are not intercepted by my filter. The request gets redirected to the configured login page in my web.xml. But I want my Filter to be invoked before the request is redirected to login page. Is it possible to make this happen?
No. A custom authenticator or valve is required. Its an ambiguous aspect of the servlet spec as to whether filters should be engaged in authorization paths and currently tomcat treats filters as application level components that apply after the standard security checks.