SecurityFilter tries to authenticate a user only when a secure url is called. For some use cases it would be nice to be able to force it to authenticate always when the userid/password parameters are available in the request.
A typical use is in a public site, where you have a login form on any page which doesn't point to a protected resource, but simply allows the user to login while staying on the current page.