Enterprise-level business applications need rigorous security regulations with varying roles; each role also requires its own set of access control lists. These roles become more important in Web-based applications, which are accessible to a wider audience. In most cases, application security must control access to each attribute that's visible on the screen.
When access to web applications needs to be restricted to certain users and groups, Tomcat provides its realm implementations. A realm groups a collection of web resources together and puts a protection mechanism around them that requires users who wish to access them to authenticate themselves, and for Tomcat to check their authorization. However, tomcat does not did enough for real application. Here comes SecurityFilter which built on the top of tomcat.
SecurityFilter is a Java Servlet Filter that mimics container managed security. It provides robust security and automatic authentication services for web applications.