I believe I've found the solution.
I didn't determine the name of a default authenticated role, but there seems to be an implicit group in WebLogic called "users", which all users belong to by default. It doesn't seem that this group shows up anywhere in the Admin Console, but all users seem to belong to it by default.
In my web.xml, I define an "authenticated-users" role (the name isn't important). Then, in weblogic.xml, I map that role to the "users" group. This allows any page protected by the "authenticated-users" constraint to be accessed by any user who is authenticated.
I've only tested this using FORM authentication, but I don't see any reason why it wouldn't also work for other methods.
web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>authenticated-users</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>Any User</description>
<role-name>authenticated-users</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
<form-login-page>/login_form.html</form-login-page>
<form-error-page>/login_error.html</form-error-page>
</form-login-config>
</login-config>
weblogic.xml
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:wls="http://www.bea.com/ns/weblogic/90"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
<wls:security-role-assignment>
<wls:role-name>authenticated-users</wls:role-name>
<wls:principal-name>users</wls:principal-name>
</wls:security-role-assignment>