Simple test page from Tomcat FAQ (http://wiki.apache.org/tomcat/FAQ/CharacterEncoding#Q4) work right in non-secure web-app.
After apply BASIC web authentication, character encoding of posted data is broken.

After authentication, request.setCharactEncoding("UTF-8") in request filter does no effect too.
No matter which login module in use, org.jboss.security.auth.spi.UsersRolesLoginModule or my own login module.
Seems that authentication cause access the Request object in app server before it can be accessed in user request filter.
After that, setting request.setCharacterEncoding not work.

Insecure web-application work fine and non-ASCII characters appear correctly.
This bug starts in CR-releases of JBoss 5.