If you chose the Container security (/WEB-INF/oeablSecurity-container.xml) as your security configuration model, you have enabled the Web application's use of the Tomcat container's authenticated user account and role definitions, which are defined in $CATALINA_BASE/conf/tomcat-users.xml.
Also, note that you must edit user accounts information in two configuration files, web.xml and oeablSecurity-container.xml, for authorization to Web resources.
To edit user accounts information in the web.xml file:
1. Search for the following comment: <!-- BEGIN:container.security-->
To edit user accounts information in the web.xml file, search for the BEGIN tag (<!-- BEGIN:container.security-->) in the web.xml code and follow the instructions given by the NOTE, right below the BEGIN tag, in the code.
Note: The Spring Security configurations extends the Web application's security and uses the container's authenticated user accounts and assigned roles for authorization. So, if you chose the Container security model, you must edit user accounts information in two configuration files, web.xml and oeablSecurity-container.xml, for authorization to Web resources. To edit user accounts information in the web.xml file, search for <!-- BEGIN:container.security-->) in the web.xml code and follow the . To edit user accounts information in the oeableSecurity-container.xml, see [XREF].
