1

I want to have unrestricted access for /gadgets/{any directory}/css/*. I tried to mention like this 

<security-constraint>
  <web-resource-collection>
    <web-resource-name>UnProtected Area</web-resource-name>
    <url-pattern>/gadgets/**/css/*</url-pattern>
  </web-resource-collection>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/gadgets/*</url-pattern>
  </web-resource-collection>
   <auth-constraint>
     <role-name>LOGIN</role-name>
   </auth-constraint>
</security-constraint>

But it is not working.

Robby Cornelissen
  • 91,784
  • 22
  • 134
  • 156
Riyad Ottayil
  • 21
  • 3

2 Answers2

0

The pattern you are trying to use is not supported by the servlet specification (downloadable here):

In the Web application deployment descriptor, the following syntax is used to define mappings:

  • A string beginning with a ‘/’ character and ending with a ‘/*’ suffix is used for path mapping.
  • A string beginning with a ‘*.’ prefix is used as an extension mapping.
  • The empty string ("") is a special URL pattern that exactly maps to the application's context root, i.e., requests of the form http://host:port//. In this case the path info is ’/’ and the servlet path and context path is empty string (““).
  • A string containing only the ’/’ character indicates the "default" servlet of the application. In this case the servlet path is the request URI minus the context path and the path info is null.
  • All other strings are used for exact matches only

Accordingly, if you need to match all CSS files, your should be able to specify it as an extension mapping:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Unprotected Area</web-resource-name>
    <url-pattern>*.css</url-pattern>
  </web-resource-collection>
</security-constraint>
Robby Cornelissen
  • 91,784
  • 22
  • 134
  • 156
0

i got the same Problem. My *.css and *.js Files are located in WebRoot/resources/css and in WebRoot/resources/script. To access those files I added the line <mvc:resources mapping="/resources/**" location="/resources/" /> to my "*-servlet.xml".
Now I allowed access for all user-roles by adding following code to my web.xml as the last security-constraint:
<security-constraint> <web-resource-collection> <web-resource-name>CSS and JS Files</web-resource-name> <url-pattern>/resources/*</url-pattern> </web-resource-collection> </security-constraint>
I hope this helps.

sttzP
  • 3
  • 5