As you can see, I have tried to explicitly open up the "default" URL, "/" but if I go to / on my app, SecurityFilter keeps matching it to the /* securerd constraint and prompts for login.
How can I get SF to open up the default URL, "/" and still lock down everything that is not explicitly opened?
Thanks in advance,
Eric
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am trying to use the strategy of securing everything by default and then explicitly allowing specific public URL patterns. So I have this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Secured</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Employees</role-name>
</auth-constraint>
</security-constraint>
Which locks down everything, and then some more like this to open up specific things:
<security-constraint>
<web-resource-collection>
<web-resource-name>Open</web-resource-name>
<url-pattern>/</url-pattern>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/home.cmd</url-pattern>
<url-pattern>/images/*</url-pattern>
<url-pattern>/css/*</url-pattern>
<url-pattern>/js/*</url-pattern>
<url-pattern>/search.cmd</url-pattern>
<url-pattern>/edit.cmd</url-pattern>
</web-resource-collection>
</security-constraint>
As you can see, I have tried to explicitly open up the "default" URL, "/" but if I go to / on my app, SecurityFilter keeps matching it to the /* securerd constraint and prompts for login.
How can I get SF to open up the default URL, "/" and still lock down everything that is not explicitly opened?
Thanks in advance,
Eric