for reasons of performance that's not possible, url patterns are used in filters, if they would be too complex this would impose a too high load on the server (for each request the patterns are checked)
according to the specs you can use wildcards on directories or filenames only, or go for exact matches
/bbb* is not aven valid, you can do <url-pattern>*.jsp</url-pattern> or <url-pattern>/my/path/*</url-pattern> but no mixing
this annoyed to hell out of me too
a workaround is to put your pages in specially designed directories, but I'm not sure if you want to jump through those hoops
Thanks for that Wouter,
If I could just ask one more thing about security-constraints and web resource collections, please ?
When I try to access a url which is in a protected resource collection in web.xml, I always get sent to my login page, even when I have already been to it before in the same session and logged in through JAAS.
How can I prevent this happening, please ? I only want it to send me there when I haven't logged in yet.
the behavior you describe is not normal, the way you expect it to work is indeed how it should work
for each request the security interceptor checks whether your user has been authenticated in the session (please note the session invalidates after a certain amount of inactivity)
you should only be forwarded to your login page when the container thinks your user is not authenticated
I never experienced what you describe, I would need more details in order to give more feedback...