Hi Alberto,
>- if I have a "security-constraint" section in web.xml protecting that
>resource, unauthorized accesses are not permitted.
In which case Tomcat returns a 403, which is what you said you wanted?
Regards,
Dies Koper
-----Original Message-----
From: Alberto Brosich [mailto:abrosich_at_ogs.trieste.it]
Sent: Friday, May 09, 2014 1:08 AM
To: users_at_jersey.java.net
Subject: [Jersey] Permit both authorized and unauthorized access
Hi,
I'm new to this list.
I have a simple problem but I cannot find a simple solution.
I have a web service written using Jersey 2.8 and deployed on tomcat 7.
A resource of that ws has to be accessed by all users (authorized or
not). In case of unauthorized access (no given username and password)
some resource could not be accessible and ws should return 403 error.
The problem is that:
- if I have a "security-constraint" section in web.xml protecting that
resource, unauthorized accesses are not permitted.
- If I remove "security-constraint" and client send authentication
information (BASIC), the servlet request does not contain any
authentication data (httpServletRequest.getUserPrincipal() is null).
I know that is not strictly a Jersey matter but some of you could have
already solved this problem.
Regards
Alberto