Ok, sounds good. I'm using Tomcat and tried to get it working with the waffle-filter sample, but apparently I'm doing something wrong.
Without the security-constraint the waffle-filter webapp recognizes my user. Now I check if my user has been granted the role "Jeder" (means "Everyone"; I'm on a german system) and it tells me, that I have been granted the role "Jeder".
Now I add the security-contraint to the web.xml of the waffle-filter:
<display-name>Waffle Security Constraint</display-name>
Tomcat tells me: "HTTP Status 403 - Access to the requested resource has been denied"
Any idea what I'm doing wrong? I'm using Apache Tomcat/6.0.28 on Windows 7 (without a Active Directory).