BASIC authenication trouble

Hello:

I am trying to set up BASIC authentication on a servlet on OAS 10.1.3.1. I want to constrain every method of access to the servlet. I have created a realm through the Security Providers. Here are my web.xml:

<security-constraint>
<web-resource-collection>
<web-resource-name>CodeReloading</web-resource-name>
<url-pattern>/codereloadservlet</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>DELETE</http-method>
<http-method>TRACE</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>codereloadrole</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>codereloadrole</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>codereload</realm-name>
</login-config>

My realm ("codereload") has one role, "codereloadrole" and one user "user1" (password: "pass1") and the user is attached to the role. I get the popup login box when going to the servlet but user1/pass1 does not work. Am I missing some bit of configuration?

Thanks
Eric

I figured out the problem . . . when using a custom realm you must prefix the user with the realm name e.g. codereload/user1. but now I get

java.lang.NullPointerException
    at oracle.security.jazn.oc4j.RealmUserAdaptor.isDeactivated(JAZNUserManager.java:1311)
    at oracle.security.jazn.oc4j.RealmUserAdaptor.authenticate(JAZNUserManager.java:1365)
    at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest
    .java:3760)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.EvermindHttpServletRequest.getUserPrincipalInternal
    (EvermindHttpServletRequest.java:3727)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.AJPHttpServletRequest.getUserPrincipalInternal(AJPHttpServletRequest
    .java:260)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.checkAuthenticationAndAuthorize(HttpApplication
    .java:6350)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication
    .java:3030)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler
    .java:738)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler
    .java:453)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
    at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.4.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor
    .java:303)
    at java.lang.Thread.run(Thread.java:595)

BASIC authentication is supposed to be easier than this! Does anybody know what this means?

Thanks
Eric