0

I have such configuration in a web.xml:

<security-constraint>
    <display-name>Constraint-0</display-name>
    <web-resource-collection>
        <web-resource-name>Constraint-0</web-resource-name>
        <url-pattern>/books</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Buyer</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <display-name>Constraint-1</display-name>
    <web-resource-collection>
        <web-resource-name>Constraint-1</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Seller</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/failedlogin.jsp</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>Buyer</role-name>
</security-role>

<security-role>
    <role-name>Seller</role-name>
</security-role>

I would like to allow users visit registration.jsp page without authorization.

Question: What should I add to my web descriptor in order to make it happened?

Rudziankoŭ
  • 10,681
  • 20
  • 92
  • 192
  • Hey, dude! I see you are a new kid in servlets. This is a duplicate of http://stackoverflow.com/questions/15024235/how-to-exclude-one-url-from-authorization Good luck, block! – Rudziankoŭ Jul 12 '16 at 08:46
  • Oh, I am sorry, thank you, sir! I will delete my question. – Rudziankoŭ Jul 12 '16 at 08:47

0 Answers0