For my Java web application I am using JAAS for authentication and authorization. Anything

Question

0

Asked: June 8, 20262026-06-08T23:18:20+00:00 2026-06-08T23:18:20+00:00

For my Java web application I am using JAAS for authentication and authorization. Anything

0

For my Java web application I am using JAAS for authentication and authorization. Anything is protected, but the login and error page, thus I configured my Jetty with:

ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");

Now I would like to offer a sign up page, is there a way to define an exception for the path spec? Regular expression do not work here as far as I have tested and seen in the source code.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-08T23:18:22+00:00

This can be solved with constraint relaxation.
You can add another constraint to your constraint mapping, which will relax the more general constraint for /*:

Constraint relaxation = new Constraint();
relaxation.setName(Constraint.ANY_ROLE);
relaxation.setAuthenticate(false);

ConstraintMapping rm = new ConstraintMapping();
rm.setConstraint(relaxation);
rm.setPathSpec("/signup");

Then you add this constraint as well to your ContextSecurityHandler

csh.addConstraintMapping(rm);

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

For my Java web application I am using JAAS for authentication and authorization. Anything

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply