I developed a small wep application with the following deployment descriptor:

<?xml version="1.0"?>
<web-app>
 <security-role>
 <role-name>repadmin</role-name>
 </security-role>
 <servlet>
 <servlet-name>controller</servlet-name>
 <servlet-class>com.ifm.util.filemanager.ControllerServlet</servlet-class>
 <security-role-ref>
 <role-name>repadmin</role-name>
 <role-link>repadmin</role-link>
 </security-role-ref>
 </servlet>
 <servlet>
 <servlet-name>upload</servlet-name>
 <servlet-class>com.ifm.util.filemanager.UploadServlet</servlet-class>
 </servlet>
 <servlet-mapping>
 <servlet-name>controller</servlet-name>
 <url-pattern>/main/*</url-pattern>
 </servlet-mapping>
 <servlet-mapping>
 <servlet-name>upload</servlet-name>
 <url-pattern>/uploadFile/*</url-pattern>
 </servlet-mapping>
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>All</web-resource-name>
 <url-pattern>/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 <auth-constraint>
 <role-name>repadmin</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
 </web-resource-collection>
 </security-constraint>
 <context-param>
 <param-name>uploadDir</param-name>
 <param-value>/home/java/upload</param-value>
 </context-param>
 <context-param>
 <param-name>fileExtension</param-name>
 <param-value>mdc</param-value>
 </context-param>
 <context-param>
 <param-name>renameUploads</param-name>
 <param-value>true</param-value>
 </context-param>
 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>ldap-login</realm-name>
 </login-config>
</web-app>

The application deploys to jboss without problems.

My problem is that when I am accessing the page no login dialog appears and I can access the app without any authentication.

Any ideas?

Thanks in advance

Thorsten