0

I have a java ee-struts application using websphere and everything is restricted if the user is not logged in. Even the static resources like css and images.I would like to unrestrict access for 2 things, the style.css and blue_logo.gif files so that they are available without beeing registered. I have found this post here that shows how to do it but i don't know how to write the exact path to specify each of the 2 resources that i need.Could someone please provide me with the exact path based on the folder structure that i provided? Thank you

This is the code that i have and that restricts everything.This is from the web.xml file located in the WEB-INF folder of my module.

<security-constraint>
   <display-name>ABC_Access<display-name>
   <web-resource-collection>
       <web-resource-name>All_resources</web-resource-name>
       <url-pattern>/*</url-pattern>
   <web-resource-collection>
   <auth-constraint>
       <description>all_authent</description>
       <role-name>all</role-name>
   </auth-constraint>
</security-constraint>

my Folder Structure is :

src>main>webapp>WEB-INF>web.xml
               >css>style.css
               >images>blue_logo.gif
Roman C
  • 49,761
  • 33
  • 66
  • 176
Andrew
  • 3
  • 1

1 Answers1

0

You should have additional constraint like this, WITHOUT auth-constraint. Check this - "If there is no authorization constraint, the container must accept the request without requiring user authentication." Specifying an Authorization Constraint

<security-constraint>
   <display-name>Unprotected resources<display-name>
   <web-resource-collection>
       <web-resource-name>unprotected_resources</web-resource-name>
       <url-pattern>/images/*</url-pattern>
       <url-pattern>/css/*</url-pattern>
   <web-resource-collection>
    <!-- do not provide auth-constraint -->
</security-constraint>
Gas
  • 17,601
  • 4
  • 46
  • 93