problem: tomcat jdbcrealm+jaas web form authentication

Hi all,
I try to use the built-in authentcation service of tomcat which allows to restrict certain pages given certain roles. Following lots of tutorials including the official tomcat documentation I set up a jdbc realm in the server.xml file. I wrote a little web-app with a restricted folder and when I try to access it it comes the login page i specified. The users stored in the database give me a loginerror, when I input a user of the tomcat-users.xml file the access is granted and I can see the pages on the protected folder. Following an other tutorial which uses glassfish v2ur2 as application server and a derby database all configured trough the webinterface of the glassfish server works fine. However I have to use tomcat. // tomcat 6.0, Java EE 5, JDK 1.5
On the webapp i configured the web.xml and the sun-web.xml as follows
The server.xml file snippet which I changed:
I tried mysql and postgresql als databases. The drivers are located in the tomcat/lib folder
{code}
        <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
              driverName="org.gjt.mm.mysql.Driver"
           connectionURL="jdbc:mysql://127.0.0.1:3306/auth?user=root&password=root"
               userTable="users" userNameCol="user_name" userCredCol="user_pass"
           userRoleTable="user_roles" roleNameCol="role_name"/>
{code}
web.xml of the webapp
{code}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
    <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
            <description/>
            <url-pattern>/protected/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
            <role-name>USERS</role-name>
            </auth-constraint>
    </security-constraint>

    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>developinjava</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>
    </web-app>
{code}
sun-web.xml
{code}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
  <context-root>/dogma</context-root>
  <security-role-mapping>
    <role-name>USERS</role-name>
    <group-name>USERS</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</sun-web-app>
{code}
*Question*: Is there som missing configuration which I forgot, did I made mistakes?
Thanks for any hint