No solution. You can filter prefix, or suffix, but not both.
-Tim
Marquez, Omar wrote:
Hi,
Im using Tomcat Form-based Authentication with a JDBC realm, this is working
ok for all my pages that are protected trough web.xml with
<security-constraint>
<web-resource-collection>
<web-resource-name>All System</web-resource-name>
<url-pattern>*.do</url-pattern>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sys_user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
however, now I have a set of pages, report*.jps and report*.do for which I
would like to NOT require authentication. I.e. "Public access". My question
is how can I declare a Public Resource in web xml that will not affect the
"All System" security constrain above ?
I tried, without luck, inserting before the constrain above a new constrain
like so:
<security-constraint>
<web-resource-collection>
<web-resource-name>Public Resources</web-resource-name>
<url-pattern>/includes/*</url-pattern>
<url-pattern>report*.do</url-pattern>
<url-pattern>report*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Anonymous</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
Anybody knows the solution for this problem?
Thanks,
Omar
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]