Is there a way to exclude the login form pages from being constrained while
constraining the
entire application? I know I can constrain each directory separately and not constrain
the
directory that contains the login pages. But can I constrain /* and exclude the login
pages?
<security-constraint>
<web-resource-collection>
<web-resource-name>Test</web-resource-name>
<url-pattern>/login.jsp</url-pattern>
<url-pattern>/login_error.jsp</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Test</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
