This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Is it possible do not use the security constraint on a specific page (action form struts) ? This is the specific page a don't to have any constraint meaning no login page should appear if the user is not login.
How should I modify the web.xml? <security-constraint> <web-resource-collection> <web-resource-name>GemConnect Preview</web-resource-name> <url-pattern>*.do</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>serviceManager</role-name> <role-name>csr</role-name> </auth-constraint> </security-constraint>
If the logged in user is not in the specified role (as determined by request.isUserInRole(roleName)), or not logged in at all, then the server will generate an HTML 401/403 error and go to the appropriate error page as specified in your web.xml (that's an assumption - I'm not sure exactly what happens)