I successfully used the filter to capture the remote user. Using the ‘getRemoteUser’ method from the request object (I am using Tomcat 4.1). Is it possible to use the filter in conjunction with access control method such as ‘isUserInRole’? Any suggestions? Thanks Avi