Under jboss/tomcat, When I set unauthenticatedIdentity = anything in my login-config.xml file, it causes all of my servlets to not be challenged for authentication. This is not a problem under jboss/jetty.
I am trying to make one servlet which does not require authentication (new account...). By setting the security constraints in the web.xml I can get this to happen, but then need to set the principal to non-null so that I can access some ejbs from the servlet. From the jboss doc, I learned to set the unauthenticatedIdentity in login-config.xml and that then works under jetty, but not under tomcat.