Shouldn't you post a JIRA request if you consider it a bug? In our application we use "/foo/*", "/bar/*", etc. so we don't have your problem. But I can imagine a case where I would put a login-required=true on all (*) and then login-required=false on the specific pages that can be accessed anonymously, eg.: login
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087604#4087604 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4087604 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user