users@glassfish.java.net

Re: Custom Realm Example http 403

From: <glassfish_at_javadesktop.org>
Date: Thu, 17 Jul 2008 05:12:31 PDT

Did you do the P2R mapping in sun-web.xml? Or go to domain.xml and activate default-principal-to-role-mapping.

 <security-service activate-default-principal-to-role-mapping="false" anonymous-role="AttributeDeprecated" audit-enabled="false" audit-modules="default" default-realm="file" jacc="default">

As you can see, it is false by default. You will need to restart the server.

As for your other comment:
> In the domain log
> it says that login was successful but I keep getting the 403 error. When I
> restart, redeploy, and even rename the context the login box never comes
> back up and it goes directly to the 403 error screen but the domain log
> says the login was successful.

This generally happens with BASIC Auth due to caching that happens on the browsers. One easy way to get back the login-box is to completely kill your running browser and restart the browser and access the App again. You will then see the login-box back again.

In fact, even in cases where your login was successful and there was no 403 (but your app was invoked successfully), you would see the same behavior: it would ask you for the login-box once, and every next time you try it will directly take you to the App page.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=287280
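
Added example, not part of the original post or of GlassFish: a small check that lists the roles an `auth-constraint` in web.xml requires but that have no `security-role-mapping` entry in sun-web.xml, which is the situation the reply describes (login succeeds, request is answered with 403). The descriptors are constructed samples, and the role and group names (`app-user`, `app-admin`, `staff`) and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors; role and group names are hypothetical.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>app-user</role-name>
      <role-name>app-admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>app-user</role-name>
    <group-name>staff</group-name>
  </security-role-mapping>
</sun-web-app>"""

def local(tag):
    """Drop a namespace prefix such as {http://...}role-name."""
    return tag.rsplit("}", 1)[-1]

def role_names(elem):
    """role-name values that are direct children of elem."""
    return {c.text.strip() for c in elem if local(c.tag) == "role-name" and c.text}

def unmapped_roles(web_xml, sun_web_xml, default_mapping=False):
    """Roles demanded by an auth-constraint that no principal or group maps to."""
    required, mapped = set(), set()
    for e in ET.fromstring(web_xml).iter():
        if local(e.tag) == "auth-constraint":
            required |= role_names(e)
    for m in ET.fromstring(sun_web_xml).iter("security-role-mapping"):
        # A mapping only counts if it names at least one principal or group.
        if any(local(c.tag) in ("principal-name", "group-name") for c in m):
            mapped |= role_names(m)
    # Assumption: with default-principal-to-role-mapping active the server
    # matches roles by name, so explicit entries are not required.
    return set() if default_mapping else required - mapped

if __name__ == "__main__":
    print(sorted(unmapped_roles(WEB_XML, SUN_WEB_XML)))
```

A non-empty result means authenticated users can never hold those roles, so requests to the constrained URLs are denied even though the realm logs a successful login.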