I just finished rigging up my site to handle authentication on my admin site. Previously, it had been wide open, but that’s the beauty of security through obscurity. :)
Anyway, it was a royal pain-in-the-ass to get container-managed authentication working. When I get a chance, I’ll post a blow-by-blow account of problems I had and what I did to fix them. Suffice to say, the documentation out there isn’t entirely correct on all matters. To this day, I’m not sure why I couldn’t put my Realm block in a Context block. It also doesn’t help that Tomcat generates a myriad of logfiles that you have to wade through to find what you want (catalina.log ended up be my savior).