Hello All, I'm using Jboss 3.0.4/Tomcat 4.1.12 and can't get BASIC authentication to work (works fine in Weblogic).

I'm deploying an .ear file that has a .war file in it. When I hit a protected page I immediately get a 403 in the browser - no challenge box.

web.xml
-------
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Pages</web-resource-name>
Must be admin user to access
<url-pattern>/admin/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
Pages for admin only
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
We are not requiring SSL to access these pages
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
....
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>appDB</realm-name>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>

jboss-web.xml
-------------
<jboss-web>
<security-domain>java:/jaas/appDB</security-domain>
</jboss-web>

The appDB policy is ok and works outside of the web app.
I see nothing in the logs at all when I try to access a protected page ....

I've seen occasional reports of issues with this feature and was hoping someone could suggest a solution.

Thanks,
Dan