Before going farthar, have you looked at the Single Sign On valve?
If you are using container managed security(such as form authentication), those contraints are executed before the filter chain is ever made.
Unfortunately, I cannot use container managed security because I have to support login from static pages, from other server or via links that contain the logon key.
(Otherwise) I am unsure of the semantics of getId() without re-reading the javadocs or the spec.
The api does not mention a null value for that method. (at least in the version I read)
Regards,
Hans
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
