<auth-constraint> <role-name>*</role-name> </auth-constraint>
您需要在web-app中指定安全角色:
<security-role> <role-name>*</role-name> </security-role>