i want to use the LdapLoginModule, but not to get roles from ldap. The problem I have that while the user is authenticated fine, it fails to be authorized against the security constraints in web.xml.
i have a <security-constraint> with <web-resources-collections> i've tried not using <auth-constraint>, using an empty one and using one with an empty role. all fail
the strangest failure is when there are no roles in <auth-constraint> i get a message: 005-11-23 18:27:52,022 TRACE [JBossSecurityMgrRealm] (http-0.0.0.0-80-Processor2:) User: qrm is NOT authorized, requiredRoles=, userRoles=
seems to me that if the requiredRoles are empty, the user should be authorized.