问题:

I know that there are alot of topics about this. But I dont get my auth running...

Here my code:

tomcat-users.xml

<role rolename="user"/>
<user username="user" password="geheimu" roles="user"/>
<role rolename="admin"/>
<user username="admin" password="geheima" roles="admin,user"/>

server.xml

<Resource name="UserDatabase" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="User database that can be updated and saved"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users.xml" />

web.xml

<?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">

 <servlet>
    <servlet-name>Jersey REST Service</servlet-name>
    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
    <init-param>
            <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
            <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
    </init-param>
 </servlet>



   <servlet-mapping>
  <servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/rest/*</url-pattern>
 </servlet-mapping>

 <session-config>
 <session-timeout>
 30
</session-timeout>
 </session-config>
 <!-- <welcome-file-list>
 <welcome-file>index.jsp</welcome-file>
 </welcome-file-list>-->
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Estate Service</web-resource-name>
 <url-pattern>/rest/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
 <role-name>admin</role-name>
 <role-name>user</role-name>
</auth-constraint>
 </security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
 <realm-name>estate</realm-name>
</login-config>
 <security-role>
<role-name>admin</role-name>
 </security-role>
 <security-role>
 <role-name>user</role-name>
 </security-role>
 </web-app>

Rest Resource

 @Path("/estate")
 @RolesAllowed("admin")
 public class EstateResourceBean {
 ...

So when the login pops up and i enter admin, geheima i get unautohrized :(

Is there something wrong with tomcat?