This week's giveaway is in the EJB and other Java EE Technologies forum. We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line! See this thread for details.
Does that mean that a <security-role> <role-name> is required before you can use <auth-constraint> <role-name> ?
Joined: Jul 17, 2004
without the security-role declaration the container would normally not be able to (or is not allowed to be able to?) map the role names in the auth-constraint to the ones that are set up in the container-specific configuration.
I recommend to just set up such a system, for example with the Tomcat MemoryRealm.