Did you define a user.properties file with userid=password? I don't know how it works with apache, but with JBoss (which uses apache) you also have a role.properties file. In there, you define userid=role. Then the role shows-up in the web.xml where you define your protected components. You can say "is user in role" when in your servlet.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com