Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Exclude servlet from security-constraint

 
Michal Glowacki
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

I have security-constraint set up over my whole project, it's set up like this:

<security-constraint>
<web-resource-collection>
<web-resource-name>MyProject</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MyProject</realm-name>
</login-config>

in web.xml. Then i have set up users and roles in jboss. Everything works ok, but I want to exclude one pattern from this constraint. The reason is that outside company need to have access to one of my servlets, and it's an automated process. So I send them URL to servlet and their system then uses it. I have created one more constraint for this servlet, with another password and user, then tried to access it this way:

http://login:pass@myhost.com/MyProject/ExcludedResource

but it doesn't work :/

Can anyone give me a hint how to solve it?

[edited to disable smilies and fix url tag]
[ November 02, 2007: Message edited by: Jeanne Boyarsky ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic