Using 3.2.1 with Jetty.

I have a webapplication based on a number of separately deployed ears. Each such ear is also tested separately using junitee. That is each ear will contain a test war file. Now I want to restict access to those war files, the jmx-console using BASIC authentication. The webapplication on the other hand uses FORM based authentication. I would like to use webdefault.xml to set up "default security" using BASIC authentication and then override those default settings in my webapplication's web.xml (different role and FORM based authentication). Each test war file works as expected whereas my webapplication doesnt seem to be able to load the html rewritten url for javascript and stylesheet on the provided login form. If a remove the security settings from webdefault my webapplication works fine but is leaves me with the pain of having to secure all test wars manually one by one :-(. Any ideas?