As Undertow processes a deployment to convert the security constraints to a JACC Policy using JACC Permissions there is a step which adds unchecked permissions based on the HTTP methods seen so far: -
If no methods have been seen so far this can lead to an action of "!".
Where an action is null or empty String the meaning is "all methods".
Where a list of methods of prefixed with "!" the meaning is "all methods except those listed".
Where we use "Unable to render embedded object: File (" we mean all methods as we have not already encountered any, however the API does specify the syntax and a single ") not found." without any actions is invalid so for that scenario we should use null or empty String.