I wish to know , when no http-method is specified in security-constraint
then All the methods are Contrained that is restricted to be used by only the roles in auth-constraint element..It also means that no user who is not in auth-constraint can access any constrained resourse using any method..
How far is this Correct