I figured it out. I had a basic misunderstanding of how <role-name> is used in web.xml. I thought that if I used "*" in <security-constraint><auth-constraint><role-name>, then it should also be listed in <security-role><role-name>. However, I figured out that the latter should list actual roles used in the app, in my case "users".
-- View this message in context: http://jetty.4.n6.nabble.com/security-constraint-auth-constraint-role-name-asterisk-fails-tp4958675p4958676.html Sent from the Jetty User mailing list archive at Nabble.com. _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
