The DD security-role element in web.xml

Can someone please let me know if the <security-role> element goes under a <servlet> element or is it a separate element under <web-app....>??

<web-app>
<servlet >
<security-role-ref>
....
</security-role-ref>
</servlet>
<security-role>
</security-role>
<web-app>

Authentication works without <security-role> element in web.xml. So I'm wondering what is the use of it?? code that works:
<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="member"/> <role rolename="admin"/> <role rolename="guest"/> <user username="tomcat" password="pindy" roles="guest"/> <user username="pussycat" password="gandy" roles="admin"/> <user username="anthony" password="12345678" roles="admin,member"/> </tomcat-users>

<login-config> <auth-method>BASIC</auth-method> </login-config> <security-constraint> <web-resource-collection> <web-resource-name>loginTesting</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>member</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint>

localhost/Beer-v1/login.html
[ December 30, 2008: Message edited by: Warnakulasuriya Patabendige Ushanth ]