2 Replies Latest reply on Mar 3, 2006 7:16 AM by Mahesh Kudva

    Security Exemption

    Mahesh Kudva Newbie

      Hi

      I have been running web apps with client certificate authentication. My requirement is that i want to exempt one .jsp file from this authentication purpose. My webapps web.xml is as follows:

      <security-constraint>
       <web-resource-collection>
       <web-resource-name>Volga</web-resource-name>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
      <security-constraint>
      


      How do i go about exemting one jsp file from cetificate authentication? The content of the file changes relative to the modifications done using the application..

      Regards & Thanks
      ================
      Mahesh S Kudva

        • 1. Re: Security Exemption
          chris griffith Expert

          Mahesh,

          The best way (AFAIK) to handle this situation is to put all the jsp's you want security contraints on in a subdirectory of root. For example you can use 'secured'. Then leave any pages that do not have constraints in root. Your web.xml will then look like this...

          ...
          <security-constraint>
           <web-resource-collection>
           <web-resource-name>Volga</web-resource-name>
           <url-pattern>/secured/*</url-pattern>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           </web-resource-collection>
          <security-constraint>
          ...
          


          enjoy, cgriffith