If no sun-application.xml is found, a defaults 1 to 1 mapping should be done for
all the referenced roles found in the application.
This means the application will collect all the role names (for instance in
web.xml , using the xpath /security-role/role-name ) available on all the Java
EE standard deploymet descriptors (web,ejb,application).
As an example having in web.xml :
<description>The system administrators</description>
would mean having automatically a behavior like if the following sun-file would
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application
Server 9.0 Java EE Application 5.0//EN"
This would enable out of the box deployment of any WAR/EAR having security
requirements. This is an important point for Java EE "WORA" !