Security [SOLVED]: Jetty ConstraintMapping for any URL that doesn't match?

  • #36331

    Anonymous

    Question

    I’m trying to use ConstraintSecurityHandler to secure my app. It works great so far. However, I want to exclude certain paths from it — in particular I want any path that starts with /api/ to ignore the regular security/login (it’s secured with API tokens). I’d like something like


    /* (that doesn't match one of the below) Requires view role
    /api/* Skips security handler
    /admin/* Requires admin role

    Is there an easy way to accomplish this?

    #36332

    Anonymous

    Accepted Answer

    ConstraintSecurityHandler implements the security constraints mechanism of the Servlet Spec.

    It's just a list of paths that are constrained. If it happens to overlap, then the first constraint wins.

    The Servlet Spec constraints have no concept to “exclude” a path from the constraints.

    You could try to implement /api/* as a ConstraintMapping that has no Constraint (no roles, not authenticated, etc).

    Source: https://stackoverflow.com/questions/47914252/jetty-constraintmapping-for-any-url-that-doesnt-match
    Author: Joakim Erdfelt
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
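
One way to express the three path rules from the question with the approach suggested in the answer. This is an added example, not code from the original posts or from the Jetty project; it assumes the Jetty 9.x API (`org.eclipse.jetty.util.security.Constraint`), and the class and helper names are hypothetical.

```java
import java.util.Arrays;

import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.util.security.Constraint;

// Hypothetical helper class; the role names "view" and "admin" come from the question.
public class SecurityConfig {

    // Mapping that requires a login and one of the given roles.
    private static ConstraintMapping requireRole(String pathSpec, String... roles) {
        Constraint constraint = new Constraint();
        constraint.setName("auth " + pathSpec);
        constraint.setAuthenticate(true);
        constraint.setRoles(roles);
        return mapping(pathSpec, constraint);
    }

    // Mapping whose constraint asks for no authentication and no roles,
    // so the security handler lets the request through to the application.
    private static ConstraintMapping noAuth(String pathSpec) {
        Constraint constraint = new Constraint();
        constraint.setName("open " + pathSpec);
        constraint.setAuthenticate(false);
        return mapping(pathSpec, constraint);
    }

    private static ConstraintMapping mapping(String pathSpec, Constraint constraint) {
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec(pathSpec);
        mapping.setConstraint(constraint);
        return mapping;
    }

    // Returns a handler carrying the three mappings. The caller still has to
    // set an Authenticator and a LoginService and wrap the application handler.
    public static ConstraintSecurityHandler build() {
        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setConstraintMappings(Arrays.asList(
                noAuth("/api/*"),                 // token-secured API, no container login
                requireRole("/admin/*", "admin"), // admin area
                requireRole("/*", "view")));      // everything else
        return security;
    }
}
```

With this mapping the container performs no authentication at all under `/api/*`, so the API token check has to run on every request below that prefix (for example in a servlet filter). An unauthenticated request to `/api/...` and another to `/` confirms that only the second triggers the login challenge.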
