On Apr 17, 2009, at 2:55 PM, Ryan Vanderwerf wrote: > > > I'm trying this on 3.1.8 but not having any luck: > > <security-constraint role-name='viewer> > <url-pattern> > <include-pattern>/*</include-pattern> > <exclude-pattern>/usr/something.jsp</exclude-pattern> > </url-pattern> > </security-constraint> > > > The above does not work. This works: > <security-constraint url-pattern='/*' role-name='viewer'/> > > I've also tried variations with: > <security-constraint role-name='viewer> > <url-pattern> > <include-regexp>any regexp that excludes some things..</include- > pattern> > </url-pattern> > </security-constraint> > > or exclude-regexp. None work. Is there a way to accomplish applying > a security contrains to everything BUT a certain page or directory? > They all either don't authenticate at all for authenticate for > everything (for me at least)
It should be working on a first-match basis. So you can create a security-constraint with no requirement for the page that should automatically pass, and then have one matching everything else. -- Scott > > > Ryan > > -- > > NOTICE: This e-mail message is for the sole use of the intended > recipient(s) and may contain confidential and privileged > information. Any unauthorized review, use, disclosure or > distribution is prohibited. Nothing contained in this message or in > any attachment shall constitute a contract or electronic signature > under the Electronic Signatures in Global and National Commerce Act, > any version of the Uniform Electronic Transactions Act or any other > statute governing electronic transactions. > > > _______________________________________________ > resin-interest mailing list > resin-interest@caucho.com > http://maillist.caucho.com/mailman/listinfo/resin-interest _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest