Changes in 1.249 break previous behavior that could prevent anonymous from read
access. However, now the main page doesn't seem to be protected which doesn't
force container-based authentication to kick-in. Instead, you're redirected to
"/login?from=%2Fhudson%2F" regardless of webcontext. I install hudson under
/hudson, so /login... gives me a 404.
If I give anonymous read access, then I can see the main page and hit the login
Previous behavior allowed me to not enable any access to anonymous in
matrix-based security. When going to /hudson, container-based security would
redirect to my login form correctly.