SecurityFilter is a Java Servlet Filter that mimics container managed security. It looks just like container managed security to your app, as you can call request.getRemoteUser(), equest.isUserInRole(), and request.getUserPrincipal() and get valid responses. The Security Filter configuration file follows the web.xml standard, which makes it easy to switch to Security Filter from container managed security, or switch back as your requirements or deployment environment details change.