Web application protection with Tomcat

[Lukem]

Hi everyone,

I want to protect my web application and the protection process is not working properly.
I have made locally and the following:
In web.xml of the web application I have made the following entries:

Code:

<!-- Define a security constraint on this application -->
	<security-constraint>
	  <web-resource-collection>
	    <web-resource-name>mmv-swf</web-resource-name>
	    <url-pattern>/*</url-pattern>
	  </web-resource-collection>
	  <auth-constraint> 
	    <!-- This role is not in the default user directory -->
	    <role-name>mmv-swf</role-name>
	  </auth-constraint>
	</security-constraint>
	
	<!-- Define the login configuration for this application -->
	<login-config>
	  <auth-method>BASIC</auth-method>
	  <realm-name>mmv-swf</realm-name>
	</login-config>
	
	<!-- Security roles referenced by this web application -->
	<security-role>
	  <description>
	    The role that is required to log in to the Manager Application
	  </description>
	  <role-name>mmv-swf</role-name>
	</security-role>

In tomcat-users.xml (In TomcatHome/conf) was added to this:

Code:

<role rolename="mmv-swf"/>
<user username="test" password="test" roles="mmv-swf"/>

Under the new launch of the web server and run the Web Aplikation I get a window that requires the user name here and your password. I give the user name (test) and password (test), entered into tomcat-users.xml, but it requires the user name and password again, and again, again ...

Now I do not know what I did wrong.

Can someone please help me?

Thanks in advance.

[dr_pompeii]

I want to protect my web application and the protection process is not working properly.

OK, but why you are doing this with Tomcat directly?
did you read the Tomcat documentation? , this is not related with Spring

I suggest you consider Spring Security.