This is really minor.

If 'rbac' is enabled on the server but the http-interface has no security-realm configured, no web console user will be able to do anything. When the console starts, it handles this mostly correctly by not prompting for a login, but instead directly showing the "Access Denied – Insufficient privileges to access this interface dialog."

Only minor nit is the dismissal button for that dialog reads "Logout", which is a bit odd as the user has never logged in.

I won't be offended at all if you just reject this. I'm working to clear out WFCORE-272 and this is one of the two nits I noted in my comment of 2014/01/28.