Hello,
I'm trying to build an authentication mechanism using the <security-constraint>
tag in web.xml
E.G.
<security-constraint>
<web-resource-collection>
<web-resource-name>My App</web-resource-name>
<url-pattern>*.action</url-pattern>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>aliveadmin</role-name>
</auth-constraint>
</security-constraint>
This snippet says that any url ending with ".action" or ".jsp" should be
authenticated first, and works OK.
However, I need to exclude some specific urls which end with ".action". (e.g.
RSS feed urls that contain the string "rss").
Is there a way to do so with the example I brought above?
(I tried to define this rule by a regexp, but tomcat showed errors on startup
about that.)
Thank you, any links related to this are as well welcome.
Kind regards, Nareg Garabedian
