This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
Nobody can access the resources because of <auth-constraint/>. If this is present then nobody can access the resources, though permission are granted in another secirity constaint for the same resource and http method.