I'll try to elaborate with regards to web.xml, and hopefully clarify:
The files web.xml.not_authenticated and web.xml.authenticated (if performing the procedure you quoted from the documentation), are left there for backup purposes only (they can just as well be deleted altogether). The only file that affects the deployment is web.xml, determining whether or not tomcat-based, basic authentication (log-in) will be employed.
If your application requires authentication (i.e. you've defined requiredPermission on certain models, and included an authorization module in your app), the default web.xml, included in the tersus-server download should be used, and no copying of web.xml* is required. If your application does not require authentication, you'll need to perform the quoted copy procedure.
A quick check in our archives show that there has been no change in that respect between the downloads of 1.3.43 and later version, which contain web.xml (the authentication version) and web.xml.not_authenticated.
Note that in the embedded server included in the studio, used while modeling and testing, no such copying is required. The studio takes care of it behind the scenes, based on whether or not permissions are defined in the model.
For best results, use the Firefox browser..