I have run into a problem, which has been bothering me for quite some time
now. We are using the Jersey Servlet to create a RESTful webservice. We have
configured basic auth in the web.xml and are using the glassfish file realm
to provide the required user data. This all has been working pretty well.
However, I have to have a path which uses a ID in its path. For instance
/myApp/[id]. This resource should be protected using basic auth. A subsequent
resource /myApp/[id]/thumb should be open - without any authentication. As
far as the security-constraint url-pattern in web.xml goes, this is not
possible, as I cannot specify a pattern like myApp/*/thumb to have a
different auth-constraint as myApp/*. Is there any way I can accomplish that?
--
[Message sent by forum member 'st.h']
View Post: http://forums.java.net/node/892930