Skip to content
Discussion options

You must be logged in to vote

This is a known behavioral change related to security constraint evaluation in Jakarta EE 10 (Servlet 6.0). Let me break down what is happening and provide the standard solutions.

Why This Is Happening

1. Servlet 6.0 Strictness

Between Servlet 4.0 (Java EE 8) and Servlet 6.0 (Jakarta EE 10), there were major clarifications regarding security constraint matching. In newer containers like GlassFish 7, if a <login-config> is present, the container may apply a stricter posture. If a resource (like /) isn't explicitly defined as "Unprotected", the container might fallback to requiring authentication because it doesn't want to leave "uncovered" resources exposed by accident.

2. Welcome File Int…

Replies: 2 comments 3 replies

Comment options

You must be logged in to vote
3 replies
@kbachl
Comment options

@OndroMih
Comment options

OndroMih Nov 2, 2025
Collaborator

@OndroMih
Comment options

Comment options

You must be logged in to vote
0 replies
Answer selected by OndroMih
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
3 participants