If security constraints exist with an excluding auth-constraint, then a WUDP needs to be added to unchecked policy for http methods that are non-excluded.
Additionally, an unchecked perm should be added for :
- A WebResourcePermission and a WebUserDataPermission must be added to the unchecked
- policy statements for each url-pattern in the DD and the default pattern, "/",
that is not combined by the webresource-collection elements of the deployment descriptor
- with every HTTP method value. (JACC 1.0: Section 184.108.40.206)