On 10/15/11, Yogesh Shankarappa <yogsb...@gmail.com> wrote: > Hello All, > > > I am trying to configure web.xml to have both protected and > public URLs but still the app > authenticates the public URLs. Protected URLs works fine. I would greatly > appreciate if you can > help to configure the whole application has protected except for few URLs > which should be public > and without authentication. I could have added each URL for protected but > there are plenty hence > using /* for protected. > > *protected URLs* > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>AUTHENTICATED_USERS</role-name> > </auth-constraint> > </security-constraint> > > *public URLs* > <security-constraint> > <web-resource-collection> > <web-resource-name>Unprotected</web-resource-name> > <url-pattern>/public/welcome.html</url-pattern> > </web-resource-collection> > </security-constraint> > > > Thanks in advance. > > > Thanks > Yogesh >
Try to do like this for public urls Put an empty auth-constraint Tag > *public URLs* > <security-constraint> > <web-resource-collection> > <web-resource-name>Unprotected</web-resource-name> > <url-pattern>/public/welcome.html</url-pattern> > </web-resource-collection> > <auth-constraint /> > </security-constraint> > > Reference:- http://java.dzone.com/articles/understanding-web-security --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org