The problematic configuration was:
<security-constraint>
    <display-name>Aplicacao</display-name>
    <web-resource-collection>
        <web-resource-name>Aplicacao</web-resource-name>
        <description>Aplicacao</description>
        <url-pattern>/Cockpit/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>Aplicacao</description>
        <role-name>Aplicacao_cockpit</role-name>
        <role-name>AplicacaoConsulta</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <description>Aplicacao_cockpit</description>
    <role-name>Aplicacao_cockpit</role-name>
    <role-name>AplicacaoConsulta</role-name>
</security-role>
Note that the security-constraint above references two roles, Aplicacao_cockpit and AplicacaoConsulta. However, only one role was created, and it receives both values in the role-name field! This is wrong!
The correct form declares each role in its own security-role element:
<security-role>
    <description>Aplicacao_cockpit</description>
    <role-name>Aplicacao_cockpit</role-name>
</security-role>
<security-role>
    <description>AplicacaoConsulta</description>
    <role-name>AplicacaoConsulta</role-name>
</security-role>
Now the two roles referenced in the security-constraint are created correctly and the file passes Eclipse validation.
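The same check can be run outside Eclipse, for example in a build step. The script below is an added example, not part of the original post: it flags any security-role with more than one role-name and any role referenced in an auth-constraint that is never declared. The `<web-app>` wrapper, the function names and the choice to count only the first role-name of a malformed element as declared are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the problematic descriptor from the post, wrapped in a
# minimal <web-app> root (the root element is an assumption; no namespace).
BROKEN = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Aplicacao</web-resource-name>
      <url-pattern>/Cockpit/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Aplicacao_cockpit</role-name>
      <role-name>AplicacaoConsulta</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>Aplicacao_cockpit</role-name>
    <role-name>AplicacaoConsulta</role-name>
  </security-role>
</web-app>"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def check_roles(xml_text):
    """Return a list of findings about role declarations in a web.xml."""
    root = ET.fromstring(xml_text)
    findings, declared = [], set()
    for role in children(root, "security-role"):
        names = [(n.text or "").strip() for n in children(role, "role-name")]
        if len(names) != 1:
            findings.append(f"security-role must have exactly one role-name, found {names}")
        declared.update(names[:1])  # assumption: only the first name counts as declared
    for sc in children(root, "security-constraint"):
        for ac in children(sc, "auth-constraint"):
            for n in children(ac, "role-name"):
                name = (n.text or "").strip()
                # "*" and "**" are wildcard role names, not declared roles
                if name not in declared and name not in ("*", "**"):
                    findings.append(f"auth-constraint references undeclared role {name!r}")
    return findings

if __name__ == "__main__":
    for finding in check_roles(BROKEN):
        print(finding)
```
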