James,
On Thursday, August 24, 2017 4:58 PM, James H. H. Lampert <jam...@touchtonecorp.com> wrote: >> This is interesting: >> >> I added this (contents of web-resource-collection omitted) to the top of >> the context's web.inf, right below the "web-app" and "display-name" tags: >> >>> <web-resource-collection> >> . . . >>> </web-resource-collection> >>> <auth-constraint/> >>> </security-constraint> >. . . > > Of course, I meant to say, ". . . the context's WEB-INF/web.xml" > > Oops. The question in my previous post still stands: why is it that when > I change the above to an auth-constraint that *should* produce a > password dialog, am I still going straight to a 403 page? If you successfully logged in previously, I suggest you check your browser for any cookies that were created at that time. You will probably need to remove them before the login challenge will be presented. - Bob