Currently, all links mapped to the /display/ servlet redirect to the login page.

This is because request.getRemoteUser() is null.

We think it is something to do with Resin 3.0.8 applying filters again on a forwarded request, and webwork or our filters not coping properly.

You can track this down in ConfluenceActionSupport.getRemoteUser().

Other versions of Resin (2.x) do not seem to be affected, nor does any other application server.