permaculture playing cards*
The moose likes Servlets and the fly likes turn off security constraint for a directory Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "turn off security constraint for a directory" Watch "turn off security constraint for a directory" New topic
Author

turn off security constraint for a directory

Stephen Huey
Ranch Hand

Joined: Jul 15, 2003
Posts: 618
The webapp is located at \Tomcat\webapps\mywebapp and that directory has several subdirectories like \Tomcat\webapps\mywebapp\cache\ and \Tomcat\webapps\mywebapp\images\ and these are all protected by one global security constraint (the url-pattern is /* so everything in there is off-limits if you're not authenticated). I'm trying to figure out if there's a way to specify a directory that is an exception, meaning you could access a file in it (if you knew the URL to the file) without being authenticated. Bascially, how can I make a file in \Tomcat\webapps\mywebapp\newdirectory\ be accessible to you without you having to log in?

I'm posting the complete web.xml in mywebapp\WEB-INF\ so you can see what I'm talking about. Also, I'm trying to modify the original developer's work, so I've been using Windows Grep to try and find out where the web resource ADE Supply is mentioned elsewhere, but honestly, I can't find it! How does it know what directory is being specified? Also, do you think this is the same ADE Supply mentioned in the realm-name at the bottom, or is it just circumstantial that they have the same name?

Thanks for your help!


leon fan
Greenhorn

Joined: Aug 02, 2004
Posts: 19
The whole security mechemism is defined by Java Servlet Specification and implemented by container,
I guess you couldn't find ADE string in your own program.

Seemed there don't exist a better way except list all constraint directory instead of '/*' in entity 'url-pattern', so user can access your exception file without being authenticated
 
Consider Paul's rocket mass heater.
 
subject: turn off security constraint for a directory
 
Similar Threads
web.xml hard work
Sample web.xml.. may be useful for SCWCD Ranchers
Single Sign-on across web-apps
404 Exception
404 Exception