I "solved" the problem by setting the url-pattern to a never used site. Thats not nice but it works for now :/.
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-role>
<description>Tester</description>
<role-name>Tester</role-name>
</security-role>
<security-constraint>
<display-name>Test-Server-Access</display-name>
<web-resource-collection>
<web-resource-name>Test-Server-Access</web-resource-name>
<description/>
<url-pattern>${test.url}</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Tester Access</description>
<role-name>Tester</role-name>
</auth-constraint>
<user-data-constraint>
<description>HTTPS Login</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I would appreciate a cleaner solution if theres any.