In your web.xml, the security-role declaration is commented out. Secondly the role-name mentioned in the auth-constraint element is 'tech' which is not configured in sun-web.xml.
So you must uncomment the security-role declaration and your sun-web.xml must be as follows:
sun-web.xml
------------------
<sun-web-app>
<security-role-mapping>
<role-name>tech</role-name>
<group-name>tech</group-name>
</security-role-mapping>
</sun-web-app>
[Message sent by forum member 'nasradu8' (Sudarsan.Sridhar_at_sun.com)]
http://forums.java.net/jive/thread.jspa?messageID=389986