This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
<url-pattern> pattern is *.jsp, now all jsp is restricted access to authorized user only.
I think your index.jsp is at root of web application...
and you have given <http-method>POST</http-method> in <web-resource-collection> tag,
this means POST request only authenticate the user & I think you are calling by typing URL in browser that is GET request.
so you should add GET request support as added above.
Joined: Jul 10, 2008
If you want detail behavior of this you can get it from HFSJ's security chapter....