I have noticed that, too, while preparing a WebLogic web application to run on Tomcat.
The code of ApplicationDispatcher says: "<strong>IMPLEMENTATION NOTE</strong>: This implementation assumes that no filters are applied to a forwarded or included resource, because they were already done for the original request." For authorization that might even be better, check it once as it comes from outside and if you pass you can go everywhere the current security police allows. I can imagine cases where it wouldn't work though - think about pre-/post-processing each request for whatever reason (your own proprietary security? to decorate each request? decompress in case not all resource has been compressed and you have to decide request by request?), regardless if included or forwarded. In my case I was able to change my code but it was not trivial :-( I think it should be at least controlled by parameters, nothing in the Servlet API v.2 spec leads to believe that it should work that way. Tomasz --- Tim Funk <[EMAIL PROTECTED]> schrieb: > Filters are only run once for the incoming request. See the archives > for > more information. > > -Tim > > Karl Kraft wrote: > > I've written a Filter to get applied to all page requests so that I > can > > perform some access control and logging. > > > > However, when a servlet redirects using the forward() method of > > RequestDispatcher, it doesn't seem to go through the filter. > > > > If needed, I can call the Filter manually before I do the > forward(), but > > I'm wondering if there is a more preferred way to do this. > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > __________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]