username and password are not getting verified by tomcat

While learning security chapter from HFSJ, i modified a webapp of my own that uses a servlet to give medical advice.
I put the security lock on the servlet, so that when the servlet is invoked , it prompts for username and password. My web.xml is :

<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd" version="2.5"> <security-role> <role-name>role1</role-name> <role-name>tomcat</role-name> </security-role> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-constraint> <web-resource-collection> <web-resource-name>PharmacistServlet</web-resource-name> <url-pattern>/ConsultPharmacist.do</url-pattern> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> <servlet> <servlet-name>My Pharmacy</servlet-name> <servlet-class>com.example.web.PharmacistConsultation</servlet-class> </servlet> <servlet-mapping> <servlet-name>My Pharmacy</servlet-name> <url-pattern>/ConsultPharmacist.do</url-pattern> </servlet-mapping> </web-app>

the tomcat-users.xml has the following usernames and passwords:
<tomcat-users> <!-- <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="tomcat"/> <user username="both" password="tomcat" roles="tomcat,role1"/> <user username="role1" password="tomcat" roles="role1"/> <user username="saimakanwal" password="tomcat" roles="role1"/> --> </tomcat-users>

I have tried each and every username /password pair but it again shows the authentication pop up box without accepting it. Note that my web app without these security settings is working well. It is not authenticating the usernames. can anyone help me out , why ?? what's the mistake?

Remove the comments (<!-- -->) from tomcat-users.xml

Thanks.