Are Servlet Filters executed before HTTP authentication?

Discussions

Web tier: servlets, JSP, Web frameworks: Are Servlet Filters executed before HTTP authentication?

  1. What happen before: execution of servlet filters or BASIC HTTP authentication???

    I assume authentication is the one specified declaratively in web.xml

    Can I rely on the user (request.getRemoteUser()) when request is in between filter executions???
  2. The specs are vague. In practice, though, I think most servers perform authentication before filtering.