I would like to exclude only one JSP file question.jsp from security-constraint.
I have this from my web.xml:
<security-constraint>
  <display-name>My Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
Just add a free-pages section, without providing any auth-constraint. It will take precedence over protected pages:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>free pages</web-resource-name>
    <url-pattern>/question.jsp</url-pattern>
  </web-resource-collection>
</security-constraint>
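One way to go about this is to move all your secure JSP content to a specific directory path (say /protected/ from web root) and then your web.xml content will look like:
<security-constraint>
  <display-name>My Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/protected/*</url-pattern> <!-- path-prefix pattern; "/protected/*.jsp" would match only that literal path -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>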
You may leave your public JSPs on the default docroot or in some other directory path as required.
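As an added example (not part of the original question or answers, and not container code): a simplified Python model of how the Servlet specification selects the best-matching url-pattern and combines the constraints defined on it, run over the constraints shown on this page. The function names and the tuple layout are assumptions; paths are relative to the context root, and http-method and transport-guarantee elements are ignored.

```python
# Simplified model of Servlet-spec constraint selection; not container code.
# Function names and the (patterns, roles) tuple layout are assumptions.

def kind(pattern):
    """Classify a url-pattern by the Servlet spec's mapping rules."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "prefix"
    if pattern.startswith("*."):
        return "extension"
    if pattern == "/":
        return "default"
    return "exact"  # everything else, including "/protected/*.jsp"

def best_pattern(path, patterns):
    """Best match for a context-relative path: exact, longest prefix, extension."""
    if path in patterns and kind(path) == "exact":
        return path
    prefixes = [p for p in patterns if kind(p) == "prefix"
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        return max(prefixes, key=len)
    last = path.rsplit("/", 1)[-1]
    if "." in last and "*." + last.rsplit(".", 1)[1] in patterns:
        return "*." + last.rsplit(".", 1)[1]
    return "/" if "/" in patterns else None

def access(path, constraints):
    """roles is None when the constraint has no auth-constraint element."""
    patterns = {p for pats, _ in constraints for p in pats}
    best = best_pattern(path, patterns)
    roles = [r for pats, r in constraints if best in pats]
    if not roles:
        return "public"            # no constraint applies
    if any(r == [] for r in roles):
        return "denied"            # empty auth-constraint overrides everything
    if any(r is None for r in roles):
        return "public"            # a constraint without auth-constraint wins
    return "login required"

# Constraints constructed from the web.xml snippets on this page.
PROTECTED = (["*.do", "*.jsp"], ["*"])
FREE = (["/question.jsp"], None)
MIXED = (["/protected/*.jsp"], ["*"])
PREFIX = (["/protected/*"], ["*"])

if __name__ == "__main__":
    for p in ("/question.jsp", "/index.jsp", "/sub/question.jsp"):
        print(p, "->", access(p, [PROTECTED, FREE]))
    print("/protected/a.jsp ->", access("/protected/a.jsp", [MIXED]))
    print("/protected/a.jsp ->", access("/protected/a.jsp", [PREFIX]))
```

Only the exact path /question.jsp becomes public; a question.jsp in any subdirectory still falls under *.jsp and requires login.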