diff --git a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextHandler.java b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextHandler.java
index 80b97f24126..de751dce77d 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextHandler.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/main/java/org/eclipse/jetty/ee10/servlet/ServletContextHandler.java
@@ -23,6 +23,7 @@ import java.nio.file.Path;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.EnumSet;
 import java.util.Enumeration;
@@ -1733,8 +1734,6 @@ public class ServletContextHandler extends ContextHandler implements Graceful
      */
     protected void addRoles(String... roleNames)
     {
-        /*
-        TODO: implement security.
         //Get a reference to the SecurityHandler, which must be ConstraintAware
         if (_securityHandler != null && _securityHandler instanceof ConstraintAware)
         {
@@ -1745,7 +1744,6 @@ public class ServletContextHandler extends ContextHandler implements Graceful
             union.addAll(Arrays.asList(roleNames));
             ((ConstraintSecurityHandler)_securityHandler).setRoles(union);
         }
-         */
     }
 
     /**
diff --git a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/ServletContextHandlerTest.java b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/ServletContextHandlerTest.java
index b0ff9baf796..d56e67ff43d 100644
--- a/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/ServletContextHandlerTest.java
+++ b/jetty-ee10/jetty-ee10-servlet/src/test/java/org/eclipse/jetty/ee10/servlet/ServletContextHandlerTest.java
@@ -89,6 +89,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.notNullValue;
@@ -292,6 +293,18 @@ public class ServletContextHandlerTest
         {
             assertNull(sce.getServletContext().getAttribute("MyContextListener.contextInitialized"));
             sce.getServletContext().setAttribute("MyContextListener.contextInitialized", Boolean.TRUE);
+            
+            assertNull(sce.getServletContext().getAttribute("MyContextListener.declareRoles"));
+            try
+            {
+                sce.getServletContext().declareRoles("foo", "bar");
+                sce.getServletContext().setAttribute("MyContextListener.declareRoles", Boolean.FALSE);
+            }
+            catch (UnsupportedOperationException e)
+            {
+                //Should NOT be able to call declareRoles from programmatic SCL
+                sce.getServletContext().setAttribute("MyContextListener.declareRoles", Boolean.TRUE);
+            }
 
             assertNull(sce.getServletContext().getAttribute("MyContextListener.defaultSessionTrackingModes"));
             try
@@ -845,6 +858,7 @@ public class ServletContextHandlerTest
         assertTrue((Boolean)root.getServletContext().getAttribute("MySCI.effectiveSessionTrackingModes"));
         assertTrue((Boolean)root.getServletContext().getAttribute("MySCI.setSessionTrackingModes"));
         assertTrue((Boolean)root.getServletContext().getAttribute("MyContextListener.contextInitialized"));
+        assertTrue((Boolean)root.getServletContext().getAttribute("MyContextListener.declareRoles"));
         assertTrue((Boolean)root.getServletContext().getAttribute("MyContextListener.defaultSessionTrackingModes"));
         assertTrue((Boolean)root.getServletContext().getAttribute("MyContextListener.effectiveSessionTrackingModes"));
         assertTrue((Boolean)root.getServletContext().getAttribute("MyContextListener.setSessionTrackingModes"));
@@ -1492,6 +1506,18 @@ public class ServletContextHandlerTest
         response = _connector.getResponse(request.toString());
         assertThat("Response", response, containsString("Hello World"));
     }
+    
+    @Test
+    public void testDeclareRoles() throws Exception
+    {
+        ServletContextHandler context = new ServletContextHandler();
+        context.setSecurityHandler(new ConstraintSecurityHandler());
+        context.addEventListener(new RolesListener());
+        context.setContextPath("/");
+        _server.setHandler(context);
+        _server.start();
+        assertThat(((ConstraintSecurityHandler)context.getSecurityHandler()).getRoles(), containsInAnyOrder("tom", "dick", "harry"));
+    }
 
     @Test
     public void testServletRegistrationByClass() throws Exception
@@ -1935,6 +1961,22 @@ public class ServletContextHandlerTest
         expected = String.format("decorator[] = %s", DummyUtilDecorator.class.getName());
         assertThat("Specific Legacy Decorator", response, containsString(expected));
     }
+    
+    public static class RolesListener implements ServletContextListener
+    {
+        @Override
+        public void contextInitialized(ServletContextEvent sce)
+        {
+            sce.getServletContext().declareRoles("tom", "dick", "harry");
+            ServletContextListener.super.contextInitialized(sce);
+        }
+
+        @Override
+        public void contextDestroyed(ServletContextEvent sce)
+        {
+            ServletContextListener.super.contextDestroyed(sce);
+        }
+    }
 
     public static class HelloServlet extends HttpServlet
     {