Here is a bit more info:
I have entered a role called 'anonymous' which is mapped to a 'nobody' principal in the roles table. (I'm using DatabaseServerLogin module)
Do I need to have an entry in the principals table for 'nobody' too?
What should the client be required to do in order for a servlet to get back true from a isUserInRole('anonymous') when interogating the unauthenticated caller?
Bear in mind I already have form-based auth working for other users in the tables. Its just 'nobody' that I'd like to be able to be recognizeable in a servlet so that default app functionality can be applied based on role. Having the 'isCallerInRole()' method return 'null' is not sufficient as I need the anonymous user to belong to a user group which has its place in the user tree.
Any comments or suggestions are gratefully accepted.:-)