You surely right, the question is now where is that security constraint....
You say to grant "Everyone" access.... but where ? in active directory ? in tomcat (and where in tomcat) ?????'
I have reinstall every thing out of the box, and put my application (which is a 'hello world like app, and runs ok with Basic authentication) with a web.xml like :
<display-name>Tomcat Server Configuration Security Constraint</display-name>
The role that is required to log in to the RAPv4 Application
and context.xml :
<Valve className="waffle.apache.NegotiateAuthenticator" principalFormat="fqn" roleFormat="both" />
<Realm className="waffle.apache.WindowsRealm" />
and server.xml still have the out of the box
but if I comment this, it is still giving me the same 403 error.......
many thanks for your help