[undertow-dev] Security constraints and population of ServletSecurityInfo

Hi all, I am seeing some odd behaviour regarding security constraints. If I add an @ServletSecurity annotation to a servlet, in the request the ServletSecurityInfo is (correctly) populated. However, if I add (notionally) the same constraint in web.xml, the ServletSecurityInfo is *not* populated (it’s actually a null). Is this the intended behaviour? Many thanks Paul PS: Undertow version is Undertow 1.0.0.Final-SNAPSHOT, I’ve not moved to Wildfly 8.0.0 Final yet :)