I was working with Jeff Potts' book "Alfresco Developer Guide" and found that one of the WebScript examples needed to be updated for 4.0.
When accessing an MVC-style WebScript in 4.0, you need to specify the <authentication> element in the WebScript descriptor. There is a sample WebScript in the "Adding Controller Logic" of Jeff Potts' book "Alfresco Developer Guide" that uses a controller component -- helloworld.get.js -- to set a variable, model.foo. The descriptor provided will return the following error in the browser and Tomcat logs with a stack trace.
A valid SecureContext was not provided in the RequestContext
This is despite being logged in as admin. The descriptor provided in the book defines only shortname, description, and url.
Adjusting the descriptor to include an <authentication> element fixed this.
<description>Hello world web script</description>