vRaptor desconsidera a configuração HTTPS

Programação Java
#1

server.xml

<Connector
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" 
		    minSpareThreads="25" 
	       maxSpareThreads="75"
	       enableLookups="false" 
	       disableUploadTimeout="true"
	       acceptCount="100" 
		   maxThreads="400"	   
		   SSLEnabled="true"
           keystoreFile="C:\Users\suporte\.keystore" keystorePass="testeNoHttps"
		   scheme="https" 
		   secure="true" 
           clientAuth="false" 
		   sslProtocol="TLS"/>

Faço os testes no tomcat, http://localhost:8080 e https://localhost:8443 funciona perfeitamente.

Meu problema deve estar no web.xml

 <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
         xmlns:web="http://java.sun.com/xml/ns/javaee" 
         xmlns="http://java.sun.com/xml/ns/javaee" 
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
         version="3.0">         
    
  <display-name>servidorPagamento</display-name>
   
  <listener>
    <listener-class>org.jboss.weld.environment.servlet.Listener</listener-class>
  </listener>
  	
  <context-param>
    <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
    <param-value>messages</param-value>
  </context-param>
  <resource-env-ref>
    <resource-env-ref-name>BeanManager</resource-env-ref-name>
    <resource-env-ref-type>
            javax.enterprise.inject.spi.BeanManager
        </resource-env-ref-type>
  </resource-env-ref>
  <context-param>
    <param-name>br.com.caelum.vraptor.encoding</param-name>
    <param-value>UTF-8</param-value>
  </context-param>
  
  <security-constraint>
      <web-resource-collection>
        <web-resource-name>https pages</web-resource-name>
        <url-pattern>/servidorPagamento/paypalSec/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
 
</web-app>

Quando faço o teste http, tenho acesso a todos os controllers, inclusive o que não poderia
http://localhost:8080/servidorPagamento/paypalSec/notificacaoTeste

Quando faço o teste no https, não tem acesso a nenhum controller
https://localhost:8443/servidorPagamento/paypalSec/notificacaoTeste

#2

Inclui o código abaixo no web.xml, agora tenho acesso em http e https. Só preciso restringir o http

   <auth-constraint>
        <description></description>
        <role-name>authenticated</role-name>
    </auth-constraint>