Home/ Questions/Q 7670113
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T15:44:53+00:00

My administrative web application is secured using basic-auth : <security-constraint> <web-resource-collection> <web-resource-name>myApp</web-resource-name> <description> Security

  • 0

My administrative web application is secured using basic-auth:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>myApp</web-resource-name>
    <description>
      Security constraint for
      Admin resources
    </description>
    <url-pattern>/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>
      constraint
    </description>
    <role-name>myrolename</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>SSL not required</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Admin Login</realm-name>
</login-config>

However, I need to establish an exclusion for a single URL (say /check/, used by an automated service checking whether the web application is still up in regular intervals.

Unfortunately I cannot activate basic authentication for this service.

How I can achieve this?

Thanks a lot.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Adding another constraint before with <transport-guarantee>NONE</transport-guarantee> did the trick

    <security-constraint>
    <web-resource-collection>
        <web-resource-name>Status page, accessed internally by application</web-resource-name>
        <url-pattern>/status/</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
    • 0