You have not made resouce '/Beer/ReviewRecipe/' as constrained. If you made, it will work.
It works for the first time. But next time it doesn't ask for username and password
For the first request, tomcat creates session object and sets the time period of 30 min's(default time period of tomcat) and adds it to the cookie object and sends it to the client. Next time client will communicate to the tomcat via. cookie(JSESSIONID cookie).
For the second request if we want authentication, delete cookie at the browser side and send request.
Joined: Jan 13, 2008
Thanks for the clarification on why it doesn't work for next requests. Another thing , I have written security-constraint in line number 23 to 37. I worked fine.