Securing single CAI project under Websphere

I want to secure a project under the CIA, so that the users have to login. It works fine under the Websphere with /* . It secures the whole CIA environment. I tried to provide more specific but without much luck. The URL to the deployed project is Does anybody know what URL pattern to specify to secure only this project? Any information or hints on the subject will be greatly appreciated.

I tested things under the Tomcat and the results are almost the same. The best I could achieve was with the /FBT/* setting. The authentication happens only for the selected project, but for whatever reason the getRemoteUser() returns “null”.

Is there anybody who tried to secure CAI project(s)? Seams like a very basic thing to ask for ….