I am attempting to configure Tomcat's WebDav application (http://localhost:8080/webdav) to allow everyone to view the directory. However I need authorized users to be able to edit the content of the directory.

Here some additional info regarding the problem.
First I set the property in the webapps/webdav/web.xml file to allow read and write access. By default this gives everyone access to change content.

    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>

I tested this and it worked as expected--everyone was able to make changes to the content. Next I attempted to change the security settings for the directory so only certian users could make changes.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>The Entire Web Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Supported Realm</realm-name>
  </login-config>

  <security-role>
    <description>
      An example role defined in "conf/tomcat-users.xml"
    </description>
    <role-name>tomcat</role-name>
  </security-role>

This modified things so you need to login as a user defined as having a role of "tomcat" in conf/tomcat-users.xml in order to edit or view anything in the webdav directory.

I need it to allow anyone to access the file over the web, but only prompt for a password if they try to modify the file.

Trying to remove the <security-role> section doesn't work.

<web-resource-collection>
  ....
  <http-method>DELETE</http-method>
  <http-method>POST</http-method>
  <http-method>PUT</http-method>
  <http-method>LOCK</http-method>
</web-resource-collection>