Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Exclude a JSP from web.xml's security-contraint

I would like to exclude only one JSP file question.jsp from security-constraint.

I have this from my web.xml:

<security-constraint>
    <display-name>My Security Constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>      
        <url-pattern>*.do</url-pattern>
        <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>      
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
like image 838
naj_ib Avatar asked Dec 12 '11 16:12

naj_ib


1 Answers

Just add a free-pages section, without providing any auth-constraint. It will take precedence over protected pages:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>free pages</web-resource-name>
    <url-pattern>/question.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>
like image 116
loscuropresagio Avatar answered Sep 18 '22 15:09

loscuropresagio