This week's book giveaway is in the Mac OS forum. We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line! See this thread for details.
There was a nice discussion on this topic about a month ago on this forum. But I still remeber the FINAL WORD of that discussion.
The web-resource-collectionType is used to identify a subset of the resources and HTTP methods on those resources within a web application to which a security constraint applies. If no HTTP methods are specified, then the security constraint applies to all HTTP methods.
This quote is from the page 133 of the servlet 2.4 specification. Under the Deployment Descriptor bokkmark.
CONCLUSION: If you do not specify any <http-method> then all methods are constrained.