I set up security to 'Delegate to servlet container', chose 'Matrix based security', added a user that is in the 'admin' role (he can do everything, every field is ticked), and anonymous can only 'Read' under 'Overall'.

When I send a link to a colleague, he gets a 404 HTTP error if he is not yet authenticated. What should happen, IMHO, is that he should be redirected to the login form, and after logging in, to the originally requested page. Actually, this is the standard servlet behavior with form authentication, so I don't fully understand why this doesn't work with jenkins.

Setting to critical as we do it pretty often and this really hurts our teeth.