Did you define a user.properties file with userid=password? I don't know how it works with apache, but with JBoss (which uses apache) you also have a role.properties file. In there, you define userid=role. Then the role shows-up in the web.xml where you define your protected components. You can say "is user in role" when in your servlet.
--Dale--
Drove my Chevy to the levee but the levee was dry. A wrung this tiny ad and it was still dry.
Gift giving made easy with the permaculture playing cards