Q1)I want to know the difference between auth-constraint vs security-role? As fas i think that <auth-constaint> is one who can make constraint request to resource. <security-role> is one who can make access the application. Please correct if i am wrong?
<security-role> define the entries for the roles available to the application. The roles are provided by container, through its authentication mechanism. Tomcat, by default, uses tomcat-users.xml to define the users and roles.