The webapp is located at \Tomcat\webapps\mywebapp and that directory has several subdirectories like \Tomcat\webapps\mywebapp\cache\ and \Tomcat\webapps\mywebapp\images\ and these are all protected by one global security constraint (the url-pattern is /* so everything in there is off-limits if you're not authenticated). I'm trying to figure out if there's a way to specify a directory that is an exception, meaning you could access a file in it (if you knew the URL to the file) without being authenticated. Bascially, how can I make a file in \Tomcat\webapps\mywebapp\newdirectory\ be accessible to you without you having to log in?
I'm posting the complete web.xml in mywebapp\WEB-INF\ so you can see what I'm talking about. Also, I'm trying to modify the original developer's work, so I've been using Windows Grep to try and find out where the web resource ADE Supply is mentioned elsewhere, but honestly, I can't find it! How does it know what directory is being specified? Also, do you think this is the same ADE Supply mentioned in the realm-name at the bottom, or is it just circumstantial that they have the same name?
Thanks for your help!
posted 11 years ago
The whole security mechemism is defined by JavaServlet Specification and implemented by container, I guess you couldn't find ADE string in your own program.
Seemed there don't exist a better way except list all constraint directory instead of '/*' in entity 'url-pattern', so user can access your exception file without being authenticated