wood burning stoves 2.0*
The moose likes Servlets and the fly likes Security constraints declaratively in web.xml Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security constraints declaratively in web.xml" Watch "Security constraints declaratively in web.xml" New topic
Author

Security constraints declaratively in web.xml

Mallika R Kumar
Ranch Hand

Joined: Jan 21, 2004
Posts: 38
Hello,
I have a web app where I've set up BASIC auth for users. I want to exclude a specific url pattern from this basic authorization. Is there a way to specify an exclusion pattern in web.xml's web-resource-collection for this ? I'm running my web-app in Resin 3.0.
Here is my web.xml:
--------------------------------------------------
<security-constraint>
<!-- web resources that are protected -->
<web-resource-collection>
<web-resource-name>A Protected Page</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>*</realm-name>
<!-- The authenticator tag is Resin-specific -->
<authenticator resin:type="com.caucho.server.security.XmlAuthenticator">
<password-digest>none</password-digest>
<user>protecteduser rotecteduser:user</user>
</authenticator>
</login-config>
--------------------------------------------------

Thanks,
Mallika.
ahmad basha
Greenhorn

Joined: May 25, 2006
Posts: 2
Hi Mallika,

I too need the same i want to exclude some pattern, If you find some solution please post it.


shaik ahmadb basha
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
There is no way to specify which URLs not to protect. You may have to restructure your URL space so that you can specify which URLs to protect.


Ping & DNS - my free Android networking tools app
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Security constraints declaratively in web.xml
 
Similar Threads
Basic Authentication using web.xml
getAuthType.......always returning null...
Tomcat 5.0 and DIGEST authentication
Resin DB-pooling + authentication. HELP!
web.xml security constraint won't work with roles