final SecurityPathMatches securityPathMatches = buildSecurityConstraints();
current = new ServletAuthenticationCallHandler(current);
if (!securityPathMatches.isEmpty()) {
current = new ServletAuthenticationConstraintHandler(current);
}
current = new ServletConfidentialityConstraintHandler(deploymentInfo.getConfidentialPortManager(), current);
if (!securityPathMatches.isEmpty()) {
current = new ServletSecurityConstraintHandler(securityPathMatches, current);
}
List<AuthenticationMechanism> authenticationMechanisms = new LinkedList<AuthenticationMechanism>();
authenticationMechanisms.add(new CachedAuthenticatedSessionMechanism()); //TODO: does this really need to be hard coded?