Hi
I have security-constraint set up over my whole project, it's set up like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>MyProject</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MyProject</realm-name>
</login-config>
in web.xml. Then i have set up users and roles in jboss. Everything works ok, but I want to exclude one pattern from this constraint. The reason is that outside company need to have access to one of my servlets, and it's an automated process. So I send them URL to servlet and their system then uses it. I have created one more constraint for this servlet, with another password and user, then tried to access it this way:
http://login:pass@myhost.com/MyProject/ExcludedResource
but it doesn't work :/
Can anyone give me a hint how to solve it?