Should I assume the missing apostrophe in the example that doesn't work is actually there in your test case?
<security-constraint role-name='viewer> should be <security-constraint role-name='viewer'> Aaron > I'm trying this on 3.1.8 but not having any luck: > > <security-constraint role-name='viewer> > <url-pattern> > <include-pattern>/*</include-pattern> > <exclude-pattern>/usr/something.jsp</exclude-pattern> > </url-pattern> > </security-constraint> > > > The above does not work. This works: > <security-constraint url-pattern='/*' role-name='viewer'/> > > I've also tried variations with: > <security-constraint role-name='viewer> > <url-pattern> > <include-regexp>any regexp that excludes some things..</include-pattern> > </url-pattern> > </security-constraint> > > or exclude-regexp. None work. Is there a way to accomplish applying a > security contrains to everything BUT a certain page or directory? They all > either don't authenticate at all for authenticate for everything (for me at > least) > > Ryan > > _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest