Ah, probably I find solution - from documentation:
"The Tersus Server components are configured by default to enforce authentication of users. If the application you are deploying does not require authentication (i.e., it does not use the Authorization module), you should do the following:
In server version .43 I've got files web.xml and web.xml.authenticated,
in server version .58 web.xml and web.xml.not.authenticated
My application uses authorization module so according to this instruction I should have 2 files:
web.xml and web.xml.not_authenticated. Do I get it right?
For best results, use the Firefox browser..