I'm using JBoss 3.0 integrated with tomcat and I'm unable to get a secrity realm to work properly. I added my Context to the tomcat4-service.xml, it contains a Realm set to use org.apache.catalina.realm.JNDIRealm. I've set in my web.xml to use BASIC authentication. I do not get challenged when accessing a JSP that should be protected. If I switch my auth-method from BASIC to FORM I get automatically redirected to my form login page but when the page is submitted no validation is performed, it just accepts whatever junk username/password I enter and proceeds to execute the JSP.

I have tried the same on a stand-alone tomcat with out a problem.

Does anyone have any notes on getting this type of thing working properly?