How to apply tomcat security role to all but one URL?

Question

How to apply tomcat security role to all but one URL?

My administrative web application is protected with basic-auth :

 <security-constraint> <web-resource-collection> <web-resource-name>myApp</web-resource-name> <description> Security constraint for Admin resources </description> <url-pattern>/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <description> constraint </description> <role-name>myrolename</role-name> </auth-constraint> <user-data-constraint> <description>SSL not required</description> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Admin Login</realm-name> </login-config>

However, I need to set an exception for a single URL (say / check / used by an automated service that checks if the web application will still be evenly distributed.

Unfortunately, I cannot activate basic authentication for this service.

How can I achieve this?

Many thanks.

+7

security tomcat web.xml

peterp Mar 15 '12 at 15:25

source share

1 answer

peterp · Accepted Answer · 2012-03-21T14:22:08+0000

Adding another constraint before <transport-guarantee>NONE</transport-guarantee> performed the trick

 <security-constraint> <web-resource-collection> <web-resource-name>Status page, accessed internally by application</web-resource-name> <url-pattern>/status/</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint>

How to apply tomcat security role to all but one URL?

More articles: