你没有指定你使用的Tomcat的版本，所以我这里用6.x.

You haven't specified the version of Tomcat you're using, so I'm going with 6.x here.

看起来您将 hasResourcePermission 委托给 JDBC，而将 findSecurityConstraints 和 hasUserDataPermission 都交给了 JNDI.您应该全部委托或不委托.

It looks like you're delegating hasResourcePermission to JDBC while leaving both findSecurityConstraints and hasUserDataPermission in hands of JNDI. You should delegate all of them or none of them.

更新:JNDIRealm 调用protected getRoles(DirContext, User) 作为其authenticate() 方法的一部分.您需要覆盖它并将其转发到 JDBCRealm 的 getRoles().

Update: JNDIRealm calls protected getRoles(DirContext, User) as part of its authenticate() method. You need to override that and forward it to JDBCRealm's getRoles().