I defined a realm in server.xml... inside <Engine name="Catalina" defaultHost="localhost"> below the block <!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack --> <Realm className="org.apache.catalina.realm.LockOutRealm"> <!-- This Realm uses the UserDatabase configured in the global JNDI resources under the key "UserDatabase". Any edits that are performed against this UserDatabase are immediately available for use by the Realm. --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> add <Realm className="org.apache.catalina.realm.MemoryRealm" digest="MD5" pathname="conf/my-realm.xml"/> It works fine initially. Later, I move the realm def above that block. The config is not changed logically, but then authentication of my realm fails.
A Container can have only one Realm. http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/Container.html#getRealm%28%29
Please mention this in documentation / server logs.
Docs updated for 7.0.51 onwards.