Hello ranchers,this question is related to the web-app security chapter:
If there are two(or more) role-names defined in the DD inside the <security-role>element,to which role-name will the user be mapped?
From your <security-role-ref> you will map what ever you use in your isUserInRole("") to one of the roles mentioned above. If you closely look at the tags from the page you are citing you will find a </serlet> closing tag.
Hope this helps.
You would be much easier to understand if you took that bucket off of your head. And that goes for the tiny ad too!