I need to protect my application, my web.xml looks like:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>operator</role-name>
</auth-constraint>
</security-constraint>

I need to protect all directories, except one, it is possible? the tag <url-pattern>/*</url-pattern> means, that all files from root are protected. I need to specify one unprotected directory. Do somebody knows how?