Thanks for the reply.
1) I'm using Weblogic Server 10.3.6.0.
2) It does prompt once. But even if I enter wrong credentials, it gets through and subsequent requests do not prompt. Same if we use a java client program, instead of invoking from a browser.
I do not have a welcome.jsp, but I hope that is not an issue.