Security constraint in web.xml not getting applied to URL patterns having file extension

Question

I have the following security constraints entered in the web.xml. My objective is that the XML files are in the Public area. This works for the /images/* folder. Ho

Answer 1

Actually, the sequence of the placement is issue, first security constraints should be the super_user, then public area security constraints. If your put the security constraint belong of public area it will be over written by followed security constraints.

Answer 2

One of your other URL patterns matches more than this url-pattern - *.xml requestURI, that's why it's not working. For example, if you have /test/list/user.xml, then this will be treated as a web resource collection in Super user Area and thus SUPER_USER can only have access. so, ensure that url-pattern is declared more specific to resources to avoid clashes and mis-interpretation. Thanks