In accordance with embodiments, one or more authentication filters may be employed to supplement an authentication process. The authentication process to be supplemented may be executed by one or more servlets in a servlet container. A servlet authentication filter is an authentication filter that may be invoked by a servlet. Requests may be made by requestors (also called "users"), which include humans as well as computational entities. The ability to modify a request and/or request state can enable multi-phase authentication processes, i.e., authentication processes with more than one authentication step, or modification to a default authentication process, i.e., authentication processes invoked if no other authentication processes are provided.