Security roles are logical groups of users (such as bankTeller or bankManager). When you deploy the application, these roles are mapped to specific individuals or groups of individuals. Constraints define which parts of the application to secure, such as servlets and JSPs, and which roles can access them.
To define security roles and constraints:
With this configuration, you have allowed any user that can be authenticated to LDAP (All authenticated users) to access any resource in the project (/*). In your application, you may want to create additional roles and constraints to further refine which users (roles) can access which resources.