Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Embedded Jetty: securing only a few endpoints
Hello all.

Embedded Jetty Question.

What is the appropriate way to secure all endpoints *except* n endpoints? In my case, n is 4. If it makes a difference, my subclassed DefaultServlet serves up static content, and also handles the "/" endpoint in a particular way, depending on the configuration of the application.

My initial approach was:

1) Iterate over all of our servlets' paths (minus the 4 we want to remain insecure) and create a constraint mapping for each, and add those to the ConstraintSecurityHandler.

2) Add "/" to the ConstraintSecurityHandler.

It appears that adding the "/" constraint mapping secures everything. Perhaps this is according to spec; I just don't know.

Hence my original question. How to lock everything down, except n "path-specs"?

Thanks in advance, and apologies if I'm missing something obvious (highly likely).

Pete

Back to the top