the directions you cited should get you where you want to get.
note that the container forces the user to authenticate (according to the configured login-method) when the user issues a request that matches a url-pattern that is the target of
a security (auth)-constraint.
IOW, in addition to defining the login-method, you need to define security-constrainst in order to establish for which request the container will require a user authentication.
Also since you have configured your login-method to use the file realm, you will have to configure one or more username/password combintaions in the file realm.
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=303034