I have a web application set to prompt for a user name and password at every
point of entry. Everything requires basic authentication except for one URL
called showStatus which is designed to show the status of the application.
The showStatus URL does not require authentication. The problem is that even
when the showStatus URL is accessed the password dialog is still shown. I am
able to click cancel, or OK and still access the page, but I would like to
know how to disable the dialog box for the showSession URL.
Here is the content of web.xml:
<!-- constraint for restricted pages --> <security-constraint>
<display-name>restricted access</display-name> <web-resource-collection>
<web-resource-name>Secure Pages</web-resource-name> <description/>
<url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint>
<description/> <role-name>USERS</role-name> </auth-constraint>
</security-constraint> <!-- do not require authentication for showStatus URL
--> <security-constraint> <web-resource-collection>
<web-resource-name>ShowStatus</web-resource-name>
<url-pattern>/showStatus.action</url-pattern> <http-method>GET</http-method>
</web-resource-collection> </security-constraint> <!-- need the login prompt
to appear for everything but showStatus --> <login-config>
<auth-method>BASIC</auth-method> <realm-name>MYREALM</realm-name>
</login-config> <security-role> <role-name>USERS</role-name> </security-role>
Any help would be greatly appreciated.
--
[Message sent by forum member 'gsjava']
View Post: http://forums.java.net/node/884439