Nothing works. <dispatcher>FORWARD</dispatcher> in the security filter gives a strange error in browser – the page can not be dispalyed due to endless redirects or something like. Reordering didn’t help too. Request goes now through the security filter, but the logged in user (Principal Object) is not in the session. Don’t know but it seems the Rewrite overwrites somehow Request Attributes where the Principal is.
Do you play Magic?
Get TopDecked MTG, the #1 Magic App, built by players, for players. Free to use, forever.