Hi,
Our environment is using a Provider for the productive servers and are not expert JEE developers (we have "real" deployers). I REALLY would prefer for them not to touch the EARs that are going to be installed on the system if it is possible. They can correct or modify the sun-web.xml files because the bindings are done in it (and will be moved from the EARs as soon as we have found a way to use plan files productively) and that's it.
There is no possibility to delete a role (like "none") in the web.xml (I don't even know if it is legal/supported in a licensing kind of way) and listing every principal is... well... a joke right? We have more than half a million users!!!!
greets
jeremie
PS: From the JEE BluePrints:
2.2.4 Deployer
A Deployer, an expert in a specific operational environment, is responsible for deploying J2EE components and applications into that environment. A Deployer uses tools supplied by the J2EE Product Provider to perform deployment tasks. A Deployer installs components and applications into a J2EE server and configures components and applications so as to resolve all the external dependencies declared by the Application Component Provider and Application Assembler.
[Message sent by forum member 'granat' (granat)]
http://forums.java.net/jive/thread.jspa?messageID=242311