如何排除授权一个网址
问题描述:
我的web.xml如下:
My web.xml looks like:
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Role</role-name>
</auth-constraint>
</security-constraint>
该保护授权,每边,但我想排除/信息。这可能吗?
this protect every side from authorization but I want exclude /info. Is this possible ?
答
省略&LT; AUTH约束&GT; 的元素&LT;安全 - 约束&GT; 为您不需要像认证的资源:
Omit the <auth-constraint> element in <security-constraint> for resources for which you don't need authentication like:
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/info</url-pattern>
</web-resource-collection>
<!-- OMIT auth-constraint -->
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Role</role-name>
</auth-constraint>
</security-constraint>