Exclude a JSP from web.xml's security-contraint

Question

I would like to exclude only one JSP file question.jsp from security-constraint.

I have this from my web.xml:

<security-constraint>
    <display-name>My Security Constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>      
        <url-pattern>*.do</url-pattern>
        <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>      
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

loscuropresagio · Accepted Answer

Just add a free-pages section, without providing any auth-constraint. It will take precedence over protected pages:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>free pages</web-resource-name>
    <url-pattern>/question.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>

Exclude a JSP from web.xml's security-contraint

Tags:

java

security

jsp

tomcat

web

naj_ib

1 Answers

loscuropresagio

Recent Activity

Donate For Us

Exclude a JSP from web.xml's security-contraint

Tags:

java

security

jsp

tomcat

web

naj_ib

1 Answers

loscuropresagio

Related questions

Recent Activity

Donate For Us