While learning security chapter from HFSJ, i modified a webapp of my own that uses a servlet to give medical advice.
I put the security lock on the servlet, so that when the servlet is invoked , it prompts for username and password. My web.xml is :
the tomcat-users.xml has the following usernames and passwords:
I have tried each and every username /password pair but it again shows the authentication pop up box without accepting it. Note that my web app without these security settings is working well. It is not authenticating the usernames. can anyone help me out , why ?? what's the mistake?