(writtmeyer) thanks for the info on the relaxing of the order constraints. I was not aware of that.
when the auth-method is BASIC, you *may* need to rest your browser to cause it to stop sending previously collected credentials.
if the auth-method is BASIC, the info in form-login-config will not be applied as it pertains to the "FORM" (based login) auth-method.
if you are trying to use form-based-login, change the auth-method to "FORM"
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=275210