Is it possible do not use the security constraint on a specific page (action form struts) ? This is the specific page a don't to have any constraint meaning no login page should appear if the user is not login.
How should I modify the web.xml? <security-constraint> <web-resource-collection> <web-resource-name>GemConnect Preview</web-resource-name> <url-pattern>*.do</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>serviceManager</role-name> <role-name>csr</role-name> </auth-constraint> </security-constraint>
If the logged in user is not in the specified role (as determined by request.isUserInRole(roleName)), or not logged in at all, then the server will generate an HTML 401/403 error and go to the appropriate error page as specified in your web.xml (that's an assumption - I'm not sure exactly what happens)