thanks to all who replied: dave, it may or may not be acegi configuration, i need to do some further investigation.
i think the key is that when myfaces get's the request via FacesContext it is no longer wrapped, thus containing zero acegi information when queried by myfaces. ricardo, SecurityContextHolderAwareRequestFilter is in my filter chain as illustrated by the fact the the class of the request (at least the first reference visible to the jsp) is acegi's org.acegisecurity.wrapper.SavedRequestAwareWrapper. cagatay, thanks for the sample webapp, which of course works perfectly ;O i ran my jsp under it and the request reference obtained via FacesContext was in fact wrapped. i noticed that your webapp uses the sun jsf ri and acegi rc1, so i even tried migrating it to myfaces and acegi 1, and it still worked perfectly, outputting: jsp request class = [org.acegisecurity.wrapper.SavedRequestAwareWrapper] faces request class = [org.acegisecurity.wrapper.SavedRequestAwareWrapper] so, there is something squirrelly (is that a word?) going on with my setup. of course, i'm an obscure bug magnet ;) now i have to do some experimentation trying to find that darned squirrel, i'll post back with my findings. thanks again! -- View this message in context: http://www.nabble.com/Acegi-filter-wrapped-request-not-seen-by-visibleOnUserRole...%21--t1815172.html#a4973015 Sent from the MyFaces - Users forum at Nabble.com.
