Regardless, changes in the user roles made while a user is logged in do not take effect while that user is logged in, not for any Realm. This is for security reasons, since you would otherwise be changing the wheels while the car is driving and potentially creating temporary security loopholes.
Also, note that when you have 2 WARs with the same name in the Tomcat webapps directory (for example, abc.war and an abc directory in exploded WAR format), that the exploded WAR will be the one used, even if the war file is newer.
When you stop tomcat and restart it, it is possible that session information could be cached and restored when tomcat comes back up, so any time you're making changes to the web apps or security configuration and restarting Tomcat, it's a good idea to delete the files and directories under Tomcat's work and temp directories.
You ought to ventilate your mind and let the cobwebs out of it. Use this cup to catch the tiny ads:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earthhttps://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter