You have broken login-config.xml
There are configurations in there that are used by jboss, you have removed them.
Just *add* your policy, don't delete the old ones until you know where they
are [not] used.
Thanks Adrian. I do not get the securityexception anymore, but somehow my I do not see any kind of popup for authentication, when I access index.html of my webapp. What do I need to do for some kind of authentication. The simpler the better.