I´m working with an webapplication using Struts in the weblayer, to protect the different
Struts-actions have I specified:

 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Admin pages</web-resource-name>
 <url-pattern>/admin/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>Admin</role-name>
 </auth-constraint>
</security-constraint>

The application is then deployed in JBoss4 and the first time it is launched everything works perfectly, a user can try the access an action, get a login-page, log in and then be able to access the action. But if I redeploy the application and then try to access an action I still get the login-page but after I have logged in I get a "403 - Access to the requested resource has been denied"

I´m having trouble figuring out where the problem lies, since it does work when the application is deployed for the first time on the JBoss. What differs from an initial deployment and a redeployment?

Any ideas anyone?