security filter not working on first page

I have a filter which I want to check to see if the user is authenticated every time a page is requested from within a specific url '/pages/*' and if not redirect to '/login.jsp'. I've written a filter which works and applied it to the url but the first time I request a page it doesn't check.

My welcome page is '/index.jsp' and it just contains a jsp:forward to '/pages/main.jsp'. The filter should apply to the request for 'main.jsp' but it doesn't. The page loads and only when I try to go somewhere else or reload the page do I get redirected to 'login.jsp' like I want to. I don't think it has to do with the jsp:forward because I can type in a url for a specific page that should cause a redirect but the same thing happens.

Does anyone know why this isn't working?

Is the filter configured so that it gets used for all kinds of accesses? Under a Servlet 2.4-compatible container you can use the <dispatcher> element in web.xml to control this.

Thanks for the reply Ulf!

I'm using Tomcat 5.5, here's my filter stuff in web.xml:

Pretty simple... I don't know what <dispatcher> is for, should I be using it?

Possibly

Have a look at http://www.javaworld.com/javaworld/jw-03-2003/jw-0328-servlet_p.html under "RequestDispatcher changes". That explains what's going on. It's also in the Servlet Specification in chapter 6.2.5.

Great, thanks alot for those pointers! My filter is finally working now!