In the question no: 51 of mockexam http://www.javaranch.com/carl/SCWCD.htm
Which statements are true about the Web Application DD ?
1) There can't be leading nor trailing spaces for PCDATA whithin text nodes
2) The servlet container must ensure that role-names in auth-constraint are defined in security-role elemen
3) URI paths specified are assumed to be URL decoded form
4) None of the above
Here the choice 2 is marked as incorrect. But is it not compulsory that the role-name in auth-constraint should be a role specified within the security-role element ?