> From: Nar Karapetyan [mailto:[EMAIL PROTECTED]
> Subject: An issue concerning authentication in Tomcat hosted
> web application
>
> This snippet says that any url ending with ".action" or
> ".jsp" should be authenticated first, and works OK.
>
> However, I need to exclude some specific urls which end with
> ".action". (e.g. RSS feed urls that contain the string "rss").

There's no provision for using regular expressions in section 12 of the Servlet 
Spec.  I think you can add another <security-constraint> listing the specific 
RSS URLs you want to allow, but do not include a nested <auth-constraint> 
element.  This should allow unauthenticated access, if I'm interpreting the 
spec (and Tomcat's implementation thereof) properly.

You might want to take a look at SecurityFilter, which is more flexible than 
strict declarative security:
http://securityfilter.sourceforge.net/

 - Chuck
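
Added example, not part of the original message: a `web.xml` fragment showing the approach the reply describes, a second `<security-constraint>` with exact RSS paths and no `<auth-constraint>`. The `/feeds/...` paths and the `user` role name are constructed placeholders, and the first constraint is reconstructed from the question's description rather than copied from the poster's file.

```xml
<!-- Fragment of WEB-INF/web.xml; login-config and servlet mappings omitted. -->
<web-app>

  <!-- Rule described in the question: every *.action and *.jsp URL
       requires an authenticated user in the (placeholder) role "user". -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected pages</web-resource-name>
      <url-pattern>*.action</url-pattern>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Exemption: exact-match patterns (placeholder paths). An exact match
       is a better match than the *.action extension pattern, so only this
       constraint is applied to these two URLs. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Public RSS feeds</web-resource-name>
      <url-pattern>/feeds/news-rss.action</url-pattern>
      <url-pattern>/feeds/comments-rss.action</url-pattern>
    </web-resource-collection>
    <!-- Deliberately no auth-constraint element: access is allowed without
         authentication. Do not write an empty <auth-constraint/> here,
         because an empty one denies access to everyone. -->
  </security-constraint>

  <security-role>
    <role-name>user</role-name>
  </security-role>

</web-app>
```

Each public URL has to be listed explicitly or covered by a path prefix such as `/feeds/*`, because url-patterns cannot express "contains rss". After deploying, request one exempted URL and one other `.action` URL without a session to confirm that only the latter triggers the login challenge.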

