It can't be done (at least without hacking :). The servlet-spec only tells how to secure a page. There is no concept of un-securing a page.
If you are using iPlanet+Tomcat, and the un-secure areas are all static content, then you can configure iPlanet to serve the un-secure areas (bypassing Tomcat's security checks). If it works, this is probably the easiest. Otherwise you probably would need to plug in your own custom Authenticator that would be smart enough to un-secure some configured set of URLs. "Bob Damato" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Security for the site I'm working with was originally done via IPlanet's > internal security. I'd like to move to using the webapp security in > Tomcat. Under iPlanet, the security was set up with the entire site - /* > - being secured, then specific uri's were explicitly declared > un-secured. > > So, essentially we have > /* - secured > and say > /errors/* - explicitly open to the public > > Is this possible to replicate using Tomcat's security? It would be > excruciating to reorganize the site, so I'd love to avoid that. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
