I have created a context in the jbossweb-tomcat55.asr for sharing documents. However, I want to protect this context with a security constraint. To the best of my knowlege I have everything set up correctly, but a user is not prompted for a username/password and the context is still accessible by anyone.

I have tried to get this working by placing the following in the server.xml file in the jbossweb-tomcat55.sar directory please tell me what I am doing wrong. I am at the end of my rope:

 <Host name="localhost"
 autoDeploy="false" deployOnStartup="false" deployXML="false" >
<Context path="/media" appBase="" docBase="/windows/D/media" debug="99" reloadable="true">
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>blah blah blah</web-resource-name>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>mediauser</role-name>
 </auth-constraint>
 </security-constraint>
 <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
 driverName="com.mysql.jdbc.Driver"
 connectionURL="jdbc:mysql://localhost/jboss?user=jbossuser&password=password"
 userTable="users" userNameCol="user_name" userCredCol="user_pass"
 userRoleTable="user_roles" roleNameCol="role_name"/>



 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>Example Realm</realm-name>
 </login-config>

 <security-role>
 <description>The role that is required to log in to
 the Manager Application</description>
 <role-name>mediauser</role-name>
 </security-role>