Hi Christophe.
Yes, I am using Tomcat 5.something. Thanks for that info.
So, in spite of my real-world experience, if by some eery coincidence I get this as a question on the
test, I should assume that an empty auth-constraint beats everything and denies access to all, right?
Thanks again!
John