I'm using the Cactus-framework for testing within eclipse. As I secured the ejb's in my application, I needed zu configure Cactus to login with username and password.
I had already Cactus-testcases written, that ran before I secored the ejb's. I had configured Cactus in the web.xml of the cactus-directory. To secure Cactus, I changed my modifications there. All that was compliant to the Cactus-docs. Problem: An Exception was thrown explaining, "...unable to retrieve resultset...". No testcase was started.
I read the Jaas-Howto several times. Then I remarked, that in this Howto, the secured servlets are deployed in the deploy-directory, with an web.xml just for these servlets. The solution to my problem was to deploy a web.xml for cactus separately just as any other web-application in the deploy-directory, and not in the tomcat-folder. Now the jaas-mechanism works for the secured cactus-servlet.
But why is this a solution, or: Why doesn't jaas respect entries in the web.xml of tomcat?
Explanation would be geratful!