so what if i have to configure security for 2 applications on the same server? Need Basic Authentication for application 1 and Form Based Security for Application 2?
That's no problem. Within a web app you can only use one or the other -not both-, but different web apps can use different forms of authantication.
What is not possible is to use different
Realm implementations for the same Tomcat Service. That's a limitation of Tomcat, and has nothing to do with
servlets per se. See below for how to get around this.
Can you elaborate for setting another engine?
Much more information about that can be found in the
Tomcat docs. You could start by duplicating the
Service element in the server.xml file, and then changing the
Realm of the second one to suit your needs.