The Servlet-API does not provide such a security leak. But some containers offer alike. Have a look at the <Valve> Configuration of Apache Tomcat. Maybe there is a similar functionality for webshere, but typically you need to hire a ibm consultant to "find" the configuration.

This worked for me: https://stackoverflow.com/a/8815211/964681

Sorry, couldn't just comment on your question. Haven't enough "points".

Some application servers/servlet containers (Tomcat, JBoss) provide the cross context feature. It does depend on what you're running your application within however, it's not a J2EE feature.

http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

I'm not sure whether this will help you in what you want to do. What is it exactly? : )

Take a look at this response as well:

What does the crossContext attribute do in Tomcat? Does it enable session sharing?

In case anyone is still interested, here are my findings regarding this question:

1. For tomcat and others webapp servers derived from it (eg: JBoss), you can add your filter to the "global" web.xml, usually located under $TOMCAT_HOME/conf/web.xml.

2. For Websphere, I´ve found the following article to be useful: http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP101859 . In this case, the basic idea is that you write a ServletContext Listener and uses it to attach your filter to the app

There is no way to do this in a container/platform independent way. Your J2EE container might provide hooks for you to do this though.