Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] excluding a page from security check
check out the security-constraint section of the web.xml, you should be able to exclude via that mechanism

http://stackoverflow.com/questions/15024235/how-to-exclude-one-url-from-authorization

cheers,
Jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx

On Tue, Oct 6, 2015 at 5:25 AM, Bill Ross <ross@xxxxxxxxxxxx> wrote:
Now that I have security enabled, I have

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Login</realm-name>
  <form-login-config>
     <form-login-page>/home/login/login.html</form-login-page>
     <form-error-page>/home/login/loginError.html</form-error-page>
  </form-login-config>
</login-config>

And I want to have text labeling a checkbox on the login page pop up a nondisclosure agreement - but this fails (opens the login page again) because the nondisclosure agreement is login-protected.

In login.html:

  <input type="checkbox" id="confidentiality" value="confidentiality">
    I agree with the
           <a href="" target="popup" _onclick_="window.open('/pr/home/login/confidentiality.html','Nondisclosure Agreement','width=600,height=400')">Confidentiality Agreement.</a><br>

Is there some way of specifying that confidentiality.html is not security-protected?

Thanks,
Bill
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Back to the top