I'm looking to configure JEE security in an application deployed in tcServer. I am using declarative security and have specified security constraints, authoritative constraints and security roles in my deployment descriptor.
I am using a filter class to retrieve the roles for a user from our database and a call to the request object's authoritative API (isUserInRole()) works correctly.
However, I cannot get declarative security to work as all requests to a URL I've constrained are blocked even when I have been assigned the required roles.
Is there something I need to do in tcServer to complete my configuration?
The following is by web.xml config:
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"