I followed a tutorial for a J2EE web application and so far it works great. But I got stuck at the security step.

The web app uses a H2 database for persistence and the authetication is supposed to use user information in that database with a basic authentication.

It works insofar as it pops the authentication dialog. If I enter invalid user information it just reappears. I guess so far it works as it should. But when I enter supposedly correct user information I get a web page saying

"HTTP Status 403 - Access to the requested resource has been denied". So I guess the database actually is consulted for authentication but the next step goes wrong. Any idea where to look?