>From the Servlet 2.4 spec, section SRV.12.8: anonymous wrote : An authorization constraint that | names no roles indicates that access to the constrained requests must not be | permitted under any circumstances.
So, an empty authorization constraint element should get you what you want. I must admit I'm not certain why your "fake role" didn't work, but in any case the authorization constraint with no roles is the standard way to do it. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3901799#3901799 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3901799 ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
