Hi,

Apologies if this has been asked and answered somewhere else, but I haven't had any luck tracking it down.

I have an application that stretches across multiple application servers. Each application server is configured to hit a CAS server for authentication. It works great, prompts for logins, redirects back to the page requested after authentication, etc.

The problem arises on the pages that I DON'T want to require authentication for.  On Glassfish (the application server I'm moving from) if you didn't specify a web-resource-collection and auth-constraint, it assumed you wanted it publicly available and let traffic reach the page.

With Wildfly, it forces ALL traffic to go through the authentication process.

The most promising answer I've had yet is one that suggests that creating a security-constraint section without an auth-constraint section would solve the problem.

Unfortunately, all this seems to accomplish is making it so that Wildfly won't deploy the application.

The exact error seems unrelated (Caused by: java.lang.ClassNotFoundException: com.sun.jersey.spi.container.servlet.ServletContainer), especially since I can deploy just fine if I don't try and make sections of the application available to the unauthenticated public.

Any ideas?

The section in web.xml in question is:

<security-constraint>

        <web-resource-collection>

            <web-resource-name>Public</web-resource-name>

            <url-pattern>/shared/shared/*</url-pattern>

        </web-resource-collection>

    </security-constraint>