• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security constraints declaratively in web.xml

 
Mallika R Kumar
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I have a web app where I've set up BASIC auth for users. I want to exclude a specific url pattern from this basic authorization. Is there a way to specify an exclusion pattern in web.xml's web-resource-collection for this ? I'm running my web-app in Resin 3.0.
Here is my web.xml:
--------------------------------------------------
<security-constraint>
<!-- web resources that are protected -->
<web-resource-collection>
<web-resource-name>A Protected Page</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>*</realm-name>
<!-- The authenticator tag is Resin-specific -->
<authenticator resin:type="com.caucho.server.security.XmlAuthenticator">
<password-digest>none</password-digest>
<user>protecteduser rotecteduser:user</user>
</authenticator>
</login-config>
--------------------------------------------------

Thanks,
Mallika.
 
ahmad basha
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Mallika,

I too need the same i want to exclude some pattern, If you find some solution please post it.
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no way to specify which URLs not to protect. You may have to restructure your URL space so that you can specify which URLs to protect.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic