Hi Fabio,
In addition to setting the login configuration and the login module, you would also need to specify which resources of your application are protected. An authentication will be triggered only for protected resources of your application. Public resources you can access without any authentication.
Specifying which resources are protected is done in the web.xml. For more information, please see Creating a Security Constraint - Integrating Security Functions - SAP Library
Best regards,
Nikolay