For this to work you must have <security-role>
defined in web.xml
and <security-constraint>
should refer to it (*
means any role present):
<security-role>
<role-name>IP_AUTHENTICATION</role-name>
</security-role>
<security-constraint>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
Then ibm-application-bnd.xmi
must have a binding for this role to the special subject AllAuthenticatedUsers
:
<authorizations xmi:id="RoleAssignment_1298129835811">
<specialSubjects xmi:type="applicationbnd:AllAuthenticatedUsers"
name="AllAuthenticatedUsers"/>
<role href="META-INF/application.xml#SecurityRole_1310175154371"/>
</authorizations>