Incorrect deployment of the realm was the cause of the problem. Moreover, a custom realm is not suitable here. The best way of checking the IP-address is writing a custom form authenticator that have access to the HTTP request.
Changing the form authenticator in the web. Xml and deploying it allowed exactly what I needed. It also eliminates the requirement to check IP-address on every request, because secure resources are hidden behind the authorization "wall" - this means if the authorization is granted, it also means that the IP was valid.
Thanks to JoseK for pointing a good solution. I was just confused a little with the concept of realms in Tomcat.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.