How to exclude servlet from security pattern?
843841 Nov 6 2007 — edited Jul 28 2008
Hi
I have security-constraint set up over my whole project, it's set up like this:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>MyProject</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Administrator</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>MyProject</realm-name>
    </login-config>
in web.xml. Then I have set up users and roles in JBoss. Everything works OK, but I want to exclude one pattern from this constraint. The reason is that an outside company needs to have access to one of my servlets, and it's an automated process. So I send them the URL to the servlet and their system then uses it. I have created one more constraint for this servlet, with another password and user, then tried to access it this way:
http://login:pass@myhost.com/MyProject/ExcludedResource
but it doesn't work :/
Can anyone give me a hint how to solve it?
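The setup described in the question, as an added web.xml sketch that is not part of the original post: a second constraint on the exact servlet path, which the container selects as the best match for that URL in place of the `/*` constraint. The role name `PartnerSystem` is hypothetical, and the pattern assumes the servlet is mapped at `/ExcludedResource` under the `/MyProject` context root.

```xml
<!-- Added example. Role name PartnerSystem is an assumption, not from the post. -->

<!-- Existing application-wide constraint, unchanged from the question -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MyProject</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Administrator</role-name>
    </auth-constraint>
</security-constraint>

<!-- Exact-match pattern: for a request to /MyProject/ExcludedResource this is
     the best-matching url-pattern, so only this constraint is applied. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ExcludedResource</web-resource-name>
        <url-pattern>/ExcludedResource</url-pattern>
        <!-- No http-method elements: the constraint covers every HTTP method,
             not only GET and POST. -->
    </web-resource-collection>
    <auth-constraint>
        <!-- Separate role, so the partner account cannot reach anything else -->
        <role-name>PartnerSystem</role-name>
    </auth-constraint>
</security-constraint>

<!-- A web application has a single login-config; both roles authenticate
     against the same realm, so the partner user must exist in it. -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MyProject</realm-name>
</login-config>

<!-- Every role named in an auth-constraint is declared here -->
<security-role>
    <role-name>Administrator</role-name>
</security-role>
<security-role>
    <role-name>PartnerSystem</role-name>
</security-role>
```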