The stacktrace is exactly what is to be expected. So it is working - even though obvioulsy not as you had expected ;-)
First you should have a look at the field "password digest" of your JDBCRealm. If it is empty, it uses the default-digest which is MD5. So any plain-text passwords in the database would yield a SecurityException because the plain text doesn't match the md5-value of this text. If you want to use plain text passwords in your database (not to be recommended IMHO, but nevertheless), you have to explicitly enter the value "none" in this input field. This seems to be a common pitfall - so maybe it is also the cause of your troubles.
Of course your deployment descriptors should also be configured. Your web.xml obviously is correctly configured (given the stacktrace posted), so [i]maybe[/i] your sun-web.xml needs changes and you might need to configure the role-mapping. S.th. like the following might be needed:
<sun-web-app>
<security-role-mapping>
<role-name>Users</role-name>
<group-name>myGroup</group-name>
</security-role-mapping>
</sun-web-app>
--
Wolfram Rittmeyer
[Message sent by forum member 'writtmeyer' (writtmeyer)]
http://forums.java.net/jive/thread.jspa?messageID=273007