For 4.0.4.GA, I am looking at providing support for usecase b) only [even though usecase a) can be satisified by defining security constraints on non-existent resources in the web.xml]. The key requirement is the installation of a tomcat authenticator by the tomcat container. That is possible only by the presence of some security constraints in the web.xml
Usecase c) is interesting and will be dealt in the next iteration of jboss-4.0.x ie.4.0.5
http://jira.jboss.com/jira/browse/JBAS-3169
Excellent! Thanks.
Cameron, now that this feature has been added into the jboss-4.0.4.GA release with the resolution of the JIRA issue, would you like to test this functionality with your stuff asap?
http://wiki.jboss.org/wiki/Wiki.jsp?page=JaccDelegationForUnsecuredWebResources
Steps to test:
1) Bring over the Branch 4_0 codebase and build.
http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossBuild
2) Make the modifications to the JaccAuthorizationRealm in the server.xml as shown in the wiki above.
3) Test your stuff and report any issues/observations.
I'll make the change and let you know what happens
Sorry for the long delay. I tried the 4.04 release and everything seems to work as I expected. Thanks for the response. I'm going to tell my customers to use this release