What's the difference between:
<auth-constraint><role-name>tomcat</role-name></auth-constraint>
and:
<security-role><role-name>tomcat</role-name></security-role>
in a security constraint declaration?
For example if I'm defining BASIC authentication as below, which should I use?
<login-config><auth-method>BASIC</auth-method></login-config>