Created attachment 24972 [details] small patch for JNDIRealm.java According to the docs: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html it says roles can be specified by both userRoleName, AND roleName mechanisms. But, if both are used then the result is that userRoleName roles are excluded. I believe the correct approach is in the attached patch.
Many thanks for the patch. This has been fixed in trunk and proposed for 6.0.x.
This has been fixed in 6.0.x and will be included in 6.0.27 onwards.