Home/ Questions/Q 8997223
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T23:51:34+00:00

Scenario: Security (access only via credentials) should be enabled for some servlets, but for

  • 0

Scenario:

Security (access only via credentials) should be enabled for some servlets, but for others not. All via web.xml.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is how it’s done:

    First the security role + login config:

    <security-role>
  <description>
    Main user for admin GUI
  </description>
  <role-name>admin</role-name>
</security-role>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>my login</realm-name>
</login-config>

    This servlet that should be accessed publicly:

    <servlet>
  <description>Landing Page for Admin GUI</description>
  <display-name>StartServlet</display-name>
  <servlet-name>StartServlet</servlet-name>
  <servlet-class>StartServlet</servlet-class>
</servlet>

<servlet-mapping>
  <servlet-name>StartServlet</servlet-name>
  <url-pattern>/index.html</url-pattern>
</servlet-mapping>

    Restriction for all pages (only accessible via admin user):

    <security-constraint>
  <web-resource-collection>
    <web-resource-name>Private</web-resource-name>
    <description>Matches all pages</description>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
     <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

    Public are only those:

    <security-constraint>
  <web-resource-collection>
    <web-resource-name>Public</web-resource-name>
    <description>Makes the landing page explicitly public (overrides Private above since more specific!)</description>
    <url-pattern>/index.html</url-pattern>
  </web-resource-collection>
  <!-- No auth-constraint = everybody has access! -->
</security-constraint>
    • 0