This document describes how to configure Tomcat to support container managed security, by connecting to an existing “database” of usernames, passwords, and user roles. You only need to care about this if you are using a web application that includes one or more
<security-constraint> elements, and a
<login-config> element defining how users are required to authenticate themselves. If you are not utilizing these features, you can safely skip this document.