You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "David M. Holmes" <da...@yahoo.com> on 2000/12/19 21:08:57 UTC

security-constraint

Is there a way to exclude the login form pages from being constrained while constraining the
entire application? I know I can constrain each directory separately and not constrain the
directory that contains the login pages. But can I constrain /* and exclude the login pages?

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Test</web-resource-name> 
			<url-pattern>/login.jsp</url-pattern>
			<url-pattern>/login_error.jsp</url-pattern>
		</web-resource-collection>
	</security-constraint>

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Test</web-resource-name> 
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>Admin</role-name>
		</auth-constraint>
	</security-constraint>


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/