tomcat security constraints

Question

How do you negate a security constraint in tomcat?

Basically, I have one security constraint defined which setup up basic authentication for the entire context.

How can I exclude one file, for example, /public-available.html from this? So I have authentication setup for everything, except this one resource.

Answer 1

Read this: http://java.dzone.com/articles/understanding-web-security In case you face any problem, let me know.

It will be much easier to manage your security constraint if you put files with different access in different folder/hierarchy. ex: /public/public-available.html, /restricted/xyz.html