See https://atlaseye.atlassian.com/cru/CR-CONF-3476#c94769

"This whole attribute kerfuffle is redundant with servlet 2.4 dispatchers, isn't it? The idea was to prevent re-application of the filter in a forward or error dispatch, but that's possible just by changing the web.xml configuration now.

Should we fix it up in Seraph too? Remove all this crap from the filters and release a new major version which requires servlet 2.4?

Richard Atkins says:
That's right, it was only needed while there was no way to specify which dispatcher a filter should run in, which was added in servlet 2.4. We've been running with a 2.4 compliant container since we started shipping Tomcat 5.5.x with Confluence (any idea when?).

We should cut servlet 2.4 versions of seraph, gzipfilter and sitemesh (we've already done a similar workaround for its double-filtering protection flag in the ProfilingPageFilter for 5.0, just so we could get the 404 page to be decorated consistently). Although really, we should rip and replace seraph with spring security before that happens"