Security constraints declaratively in web.xml

Hello,
I have a web app where I've set up BASIC auth for users. I want to exclude a specific url pattern from this basic authorization. Is there a way to specify an exclusion pattern in web.xml's web-resource-collection for this ? I'm running my web-app in Resin 3.0.
Here is my web.xml:
--------------------------------------------------
<security-constraint>

<web-resource-collection>
<web-resource-name>A Protected Page</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>*</realm-name>

<authenticator resin:type="com.caucho.server.security.XmlAuthenticator">
<password-digest>none</password-digest>
<user>protecteduser

rotecteduser:user</user>
</authenticator>
</login-config>
--------------------------------------------------

Thanks,
Mallika.

Hi Mallika,

I too need the same i want to exclude some pattern, If you find some solution please post it.

There is no way to specify which URLs not to protect. You may have to restructure your URL space so that you can specify which URLs to protect.