Here is the example code from my web.xml
Only user having role "Admin" can access "ResetPassword.html" page.
There is an API that lets us to
test whether current user has access to a specific role or not.
request.isUserInRole("Admin");
My default user "DefUser" is returning false because he has no role assigned and I got 403 error as DefUser cannot asscess "ResetPassword.html" page. Can I make request.isUserInRole("Admin") return true if I login with DefUser? Is there any other way to do it?
I do want to use the security constraints. This is one of the requirements that there could be a user like "DefUser" which should have permission to all pages having no roles assigned to it.
I just want to bypass these security constraints. Is there any way for "DefUser" to access "ResetPassword.html" page?
http://www.imrantariq.com/blog/