Whitelist security constraint in web.xml

by

I would try the following:

<security-constraint>
    <web-resource-collection>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <!-- no auth-constraint tag here -->
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>restricted methods</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
   <auth-constraint/>
</security-constraint>

The first security-constraint does not have any auth-constraint, so the GET and POST methods are available to anyone without login. The second restricts other http methods for everybody. (I haven’t tried it.)

More Related Contents:

  1. “The Struts dispatcher cannot be found” error while deploying application on WebLogic 12.1.3
  2. Exception starting filter struts2 – tried adding JAR’s, but same result
  3. java.lang.ClassNotFoundException: org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter when starting Simple Struts2 Application
  4. org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte tag in constant pool: 15
  5. How to create war files
  6. Can not find the tag library descriptor for “http://java.sun.com/jsp/jstl/core”
  7. Tomcat 404 error: The origin server did not find a current representation for the target resource or is not willing to disclose that one exists [duplicate]
  8. Unable to compile class for JSP: The type java.util.Map$Entry cannot be resolved. It is indirectly referenced from required .class files
  9. What is resource-ref in web.xml used for?
  10. How to configure Tomcat to connect with MySQL
  11. Cannot create JDBC driver of class ‘ ‘ for connect URL ‘null’ : I do not understand this exception
  12. JSP – What is wrong with scriptlets, and what to use instead [duplicate]
  13. How to clean up ThreadLocals
  14. The value for the useBean class attribute … is invalid [duplicate]
  15. Passing JVM arguments to Tomcat when running as a service?
  16. Native Library sqljdbc_auth.dll already loaded in another classloader
  17. Tomcat Server Error – Port 8080 already in use
  18. Singleton across JVM or Application instance or Tomcat instance
  19. Is security-constraint configuration for Tomcat mandatory?
  20. Do I really need web.xml for a Servlet based Java web application?
  21. Changing parameters after bind in Struts 2
  22. Apache Tomcat Not Showing in Eclipse Server Runtime Environments [duplicate]
  23. Tomcat – maxThreads vs. maxConnections
  24. Detecting client disconnect in tomcat servlet?
  25. How to start debug mode from command prompt for apache tomcat server?
  26. How to deploy a Java Web Application (.war) on tomcat?
  27. How to call a method before the session object is destroyed?
  28. global results across different packages defined in struts configuration file
  29. How do I send an e-mail in Java?
  30. How to use JTA support in Tomcat 6 for Hibernate?

Leave a Comment