Did you get an answer to this. I have the same problem.
I found the answer. I have a copy of the source.
The problem lies in org.mortbay.http.SecurityConstraint
Code.warning("AUTH FAILURE: role for "+user.getName());
if ("BASIC".equalsIgnoreCase (authenticator.getAuthMethod()))
"User not in required role");
return -1; // role failed.
i.e. Jetty is programmed to do this for Basic Authentication. Looks like I will have to change to use ssomething else. (sigh!)