我的管理web应用程序使用basic-auth:进行安全保护
<security-constraint>
<web-resource-collection>
<web-resource-name>myApp</web-resource-name>
<description>
Security constraint for
Admin resources
</description>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>
constraint
</description>
<role-name>myrolename</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin Login</realm-name>
</login-config>
然而,我需要为单个URL建立一个排除(比如/check/,由自动服务使用,检查web应用程序是否仍在定期运行。
很遗憾,我无法激活此服务的基本身份验证。
我怎样才能做到这一点?
非常感谢。
在使用<transport-guarantee>NONE</transport-guarantee>之前添加另一个约束实现了
<security-constraint>
<web-resource-collection>
<web-resource-name>Status page, accessed internally by application</web-resource-name>
<url-pattern>/status/</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>