I am trying to configure a simple file realm in glassfish 3.1 following this tutorial:

我正在尝试按照本教程在 glassfish 3.1 中配置一个简单的文件领域：

I did everything as it says but doesn't work, when I travel to the admin page doesn't I don't see the pop up message asking for credentials. This is what I did:

我按照它说的做了所有但不起作用，当我前往管理页面时，我没有看到要求凭据的弹出消息。这就是我所做的：

1- Create a file realm:

1-创建一个文件领域：

2- Then I created a user using the manage users button

2-然后我使用管理用户按钮创建了一个用户

3-I created a glassfish-web.xml file using the graphic interface instead of the editors

3-我使用图形界面而不是编辑器创建了一个 glassfish-web.xml 文件

4-Then in the same way I configured the web.xmlSorry if this last image is a bit hard to see, you can zoom.

4-然后以同样的方式我配置了 web.xml对不起，如果最后一张图片有点难看，你可以放大。

When I use the URL to travel to /admin.xhtml nothing stops me from viewing the content of the page, this means something is not configured right. I don't know what am I missing. Could somebody give me a hand trying to find the reason I cannot make this simple security task work?

当我使用 URL 访问 /admin.xhtml 时，没有什么能阻止我查看页面内容，这意味着某些配置不正确。我不知道我错过了什么。有人可以帮我找出我无法完成这项简单安全任务的原因吗？

Update

更新

Here my web.xml source

这是我的 web.xml 源

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/index.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>allowed</web-resource-name>
            <description/>
            <url-pattern>/admin.xhtml</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>administrator</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>administrator</role-name>
    </security-role>
</web-app>

and also glassfish-web.xml source

还有 glassfish-web.xml 源

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">
  <security-role-mapping>
    <role-name>administrator</role-name>
    <group-name>admin</group-name>
  </security-role-mapping>
  <class-loader delegate="true"/>
  <jsp-config>
    <property name="keepgenerated" value="true">
      <description>Keep a copy of the generated servlet class' java code.</description>
    </property>
  </jsp-config>
</glassfish-web-app>

Basically what I want to do is having 2 types of users. Guests who just browse index.xhtml and they have no credentials at all and the administrators who have their credentials stored in the file and are asked for them when going to admin.xhtml

基本上我想做的是有两种类型的用户。仅浏览 index.xhtml 且根本没有凭据的来宾以及将凭据存储在文件中并在转到 admin.xhtml 时被要求提供凭据的管理员

I don't understand what is missing. Do I need to create special privilege for guest users saying that they can view index.xhtml?

我不明白缺少什么。我是否需要为来宾用户创建特殊权限，说他们可以查看 index.xhtml？