I don't know, I've never tried.
But they SHOULD "just work".
The magic here is that all of the security and such works on the raw URL, whereas the alternatedocroot is a facility within the bowels of the internal url -> disk mapping.
I know for my own hand rolled security filters, these don't pose a problem at all. I would think it would be the same for the normal container based security, but I don't know at all what the ramifications are for SSL (but I'd think they'd be similar).
[Message sent by forum member 'whartung' (whartung)]
http://forums.java.net/jive/thread.jspa?messageID=252138