Thanks for your response. I tried your suggestion, unfortunately it did not work. There must be a solution for this as most web applications have both public and protected URLs.
On Fri, Oct 14, 2011 at 5:50 PM, sailendra karthik < karthiksailen...@gmail.com> wrote: > On 10/15/11, Yogesh Shankarappa <yogsb...@gmail.com> wrote: > > Hello All, > > > > > > I am trying to configure web.xml to have both protected and > > public URLs but still the app > > authenticates the public URLs. Protected URLs works fine. I would greatly > > appreciate if you can > > help to configure the whole application has protected except for few URLs > > which should be public > > and without authentication. I could have added each URL for protected but > > there are plenty hence > > using /* for protected. > > > > *protected URLs* > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Protected</web-resource-name> > > <url-pattern>/*</url-pattern> > > </web-resource-collection> > > <auth-constraint> > > <role-name>AUTHENTICATED_USERS</role-name> > > </auth-constraint> > > </security-constraint> > > > > *public URLs* > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Unprotected</web-resource-name> > > <url-pattern>/public/welcome.html</url-pattern> > > </web-resource-collection> > > </security-constraint> > > > > > > Thanks in advance. > > > > > > Thanks > > Yogesh > > > > > Try to do like this for public urls Put an empty auth-constraint Tag > > > *public URLs* > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Unprotected</web-resource-name> > > <url-pattern>/public/welcome.html</url-pattern> > > </web-resource-collection> > > <auth-constraint /> > > </security-constraint> > > > > > > > Reference:- http://java.dzone.com/articles/understanding-web-security > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
