This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Does that mean that a <security-role> <role-name> is required before you can use <auth-constraint> <role-name> ?
Joined: Jul 17, 2004
without the security-role declaration the container would normally not be able to (or is not allowed to be able to?) map the role names in the auth-constraint to the ones that are set up in the container-specific configuration.
I recommend to just set up such a system, for example with the Tomcat MemoryRealm.