Changes in 1.249 break previous behavior that could prevent anonymous from read
access. However, now the main page doesn't seem to be protected which doesn't
force container-based authentication to kick-in. Instead, you're redirected to
"/login?from=%2Fhudson%2F" regardless of webcontext. I install hudson under
/hudson, so /login... gives me a 404.

If I give anonymous read access, then I can see the main page and hit the login
link.

Previous behavior allowed me to not enable any access to anonymous in
matrix-based security. When going to /hudson, container-based security would
redirect to my login form correctly.

See also:
1. https://hudson.dev.java.net/issues/show_bug.cgi?id=2275
2. https://hudson.dev.java.net/servlets/ReadMsg?list=users&msgNo=11994