Apart from the obvious spelling error in the realm definition, the issue was two-fold.
The realm had to be defined in a separate file, not the 'server.xml' file. Apache uses this file to define its own realm used to allow users to actually start the server. For your own application, you must define your realm in the 'context.xml' file of the application (in NetBeans). This may be <application_name>.xml for other IDEs (perhaps Eclipse).
Also, the jar file for the database to be used for authentication had to be placed in the apache
tomcat lib folder. This doesn't sound very scalable, but understandable if you are using a custom database for your credentials data source. Using LDAP would be handy, wouldnt it?
One small problem: the permission granted is somehow tied to the browser. I had another browser window (tab) open before launcing my application. After closing my tab and relaunching, I went straight to the 'protected' page.
How do I limit the authentication to the session and NOT the application?
[ March 28, 2008: Message edited by: Princeton Ebanks ]