I at last found the error. The form I used hat a small error.
<form action="j_security_check" method="post">
Username: <input type="text" name="j_username">
Passwort: <input type="password" name="j_password">
<input type="submit" value="Login">
</form>
I just had "value="submit", that was fatal.
Second I suppose that the role name must be written with a first big letter.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>AdminDisplay</display-name>
<web-resource-collection>
<web-resource-name>WebResource</web-resource-name>
<description/>
<url-pattern>/verwaltungsOrdner/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>ConstraintBeschreibung</description>
<role-name>AdminRolle</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>file</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginFehler.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>AdminRolle</role-name>
</security-role>
</web-app>
and sun-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
<context-root>/Schutz_1</context-root>
<security-role-mapping>
<role-name>AdminRolle</role-name>
<principal-name>verwalter</principal-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
</sun-web-app>
It was annoiing to find the error, because there were no error messages.