That should work fine. /Content/*.do will still be considered an exact
pattern, and will be matched before the *.do extension pattern (no matter
what order they appear in the web.xml file). Only stuff that doesn't match
/Content/*.do but does match *.do will be secured in the example. You could
Hi Max,
Thanks for a explaining this in great detail.
Still I'm not able to solve my issue.
Here is problem with more description :
My current web.xml looks like :
security-constraint
web-resource-collection
web-resource-nameCCO/web-resource-name
Well, since it won't be protected under any of the other url-patterns, you
could simply remove this security-constraint:
security-constraint
web-resource-collection
web-resource-namePublic Resources/web-resource-name
url-pattern/pim/welcome.do/url-pattern
You should keep *.do for your servlet mapping.
Assuming you are using container-managed security, you can do something like
this for your security constraints:
security-constraint
web-resource-collection
web-resource-nameSecured Resources/web-resource-name
Would this be valid then:
security-constraint
web-resource-collection
web-resource-nameSecured Resources/web-resource-name
url-pattern*.do/url-pattern
/web-resource-collection
auth-constraint
role-namestrutsuser/role-name
/auth-constraint
5 matches
Mail list logo
