aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes Exclude servlet from security-constraint Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Exclude servlet from security-constraint" Watch "Exclude servlet from security-constraint" New topic
Author

Exclude servlet from security-constraint

Michal Glowacki
Ranch Hand

Joined: Mar 14, 2006
Posts: 114
Hi

I have security-constraint set up over my whole project, it's set up like this:

<security-constraint>
<web-resource-collection>
<web-resource-name>MyProject</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MyProject</realm-name>
</login-config>

in web.xml. Then i have set up users and roles in jboss. Everything works ok, but I want to exclude one pattern from this constraint. The reason is that outside company need to have access to one of my servlets, and it's an automated process. So I send them URL to servlet and their system then uses it. I have created one more constraint for this servlet, with another password and user, then tried to access it this way:

http://login:pass@myhost.com/MyProject/ExcludedResource

but it doesn't work :/

Can anyone give me a hint how to solve it?

[edited to disable smilies and fix url tag]
[ November 02, 2007: Message edited by: Jeanne Boyarsky ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Exclude servlet from security-constraint