<p> In the security-constraints elements defined in a Web application's
web.xml deployment descriptor, the auth-constraint element indicates
the user roles that should be permitted access to this resource collection.
Here role-name = "*" is a compact syntax for indicating all roles in the
Web application. In previous releases, role-name = "*" was treated as
all users/roles defined in the realm.
This parameter is a backward-compatibility switch to restore old behavior.
Default behavior is one required by the spec, meaning all roles
defined in the web application.
If set, the value defined in weblogic.xml (container-descriptor -> allow-all-roles)
takes precedence (if set) over this value. </p>
(Interface=weblogic.management.configuration.WebAppContainerMBean Attribute=isAllowAllRoles)