tomcat authentication not working

Hi,

Follow the Tomcat [tag:tomcat]'s tutorial for form-based authentication, I've tried it out in localhost.
My purpose is to protect /lvyouzaike/admin/*
I've mapped the domain name www.lyzk.org to $(TomcatPath)/webapps/lvyouzaike directory. I aim to let login.jsp shown when I type http://www.lyzk.org/admin/index.jsp, suppose index.jsp is one of the files to be protected.
Next I post related files.

majority code of web.xml

<filter>
    		<filter-name>struts2</filter-name>
    		<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    	</filter>
    	<filter-mapping>
    		<filter-name>struts2</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		
    		<param-value>classpath:beans.xml</param-value>
    	</context-param>
    	<resource-ref>
    		<description>DB Connection</description>
    		<res-ref-name>jdbc/auth</res-ref-name>
    		<res-type>javax.sql.DataSource</res-type>
    		<res-auth>Container</res-auth>
    	</resource-ref>
    	
    	<security-constraint>
              <display-name>lyzk Security Constraint</display-name>
    	  <web-resource-collection>
    	    <web-resource-name>admin area</web-resource-name>
    	    
    	    <url-pattern>/admin/*</url-pattern>
    	    
    	    <http-method>DELETE</http-method>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
                <http-method>PUT</http-method>
    	  </web-resource-collection>
    	  <auth-constraint>
                
                <role-name>admin</role-name>
              </auth-constraint>      
            </security-constraint>
    
        
        <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>lvyouzaike</realm-name>
          <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/error_login.jsp</form-error-page>
          </form-login-config>
        </login-config>
    
        
        <security-role>
          <role-name>admin</role-name>
        </security-role>
    	
    </web-app>

context.xml under $(TomcatPath)/lvyouzaike/META-INF

related code of server.xml under $(TomcatPath)/conf

login.jsp under $(TomcatPath)/lvyouzaike

index.jsp under $(TomcatPath)/lvyouzaike/admin where I wanna protect

Notice that in localhost everything runs well: when I type "localhost/admin/index.jsp", the login page is shown and I have to log on with correct name and password. Yet when I input "http://www.lyzk.org/admin/index.jsp", it is there directly without the expected appearance of login.jsp.
So what's the problem? Thanks a lot for your help.

--Harry

I don't think you're supposed to do an encodeURL on the form doing the j_security_check. The J2EE container login/loginfail forms do not have their own URLs, but are managed entirely by the Tomcat server.

Also, if you define a Context in tomcat's server.xml, it should completely override all elements of a context defined in the WAR it references. The WAR META-INF/context.xml is only used when there's no explict server-defined context.