I'm trying this on 3.1.8 but not having any luck:
<security-constraint role-name='viewer> <url-pattern> <include-pattern>/*</include-pattern> <exclude-pattern>/usr/something.jsp</exclude-pattern> </url-pattern> </security-constraint> The above does not work. This works: <security-constraint url-pattern='/*' role-name='viewer'/> I've also tried variations with: <security-constraint role-name='viewer> <url-pattern> <include-regexp>any regexp that excludes some things..</include-pattern> </url-pattern> </security-constraint> or exclude-regexp. None work. Is there a way to accomplish applying a security contrains to everything BUT a certain page or directory? They all either don't authenticate at all for authenticate for everything (for me at least) Ryan -- NOTICE: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. Nothing contained in this message or in any attachment shall constitute a contract or electronic signature under the Electronic Signatures in Global and National Commerce Act, any version of the Uniform Electronic Transactions Act or any other statute governing electronic transactions. _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest