I was going through some documentation of JBoss and came across the use of unauthenticated user. Also read that the 'other' application-policy given in login-config.xml is used for such users but I am unable to configure my application for such a user. Here are the steps I followed.

I mentioned other in my jboss-web.xml and jboss.xml in the security-domain. Do I need to do this or not mentioning any security-domain would, by default use it? Moreover I want to know if I need to mention something in user.properties and role.properties? If yes, what changes would be required in the ejb-jar.xml? and in web.xml if any? And any other changes if needed.