I want to protect all JSPs in my app. (using web-resource-collection) except one (logon.jsp), how can I do it ?
<!ELEMENT web-resource-collection (web-resource-name, description?,
Unfortunately, the web.xml file only allows you to specify resource that your are protecting, and does not allow exclusions. You need to:
1. Protect all your directories: /directory/*
2. Project all the JSP in your root directory: /index.jsp
3. Leave login.jsp off this list.
Another trick: make your login page some other than a JSP: login.html. Then you can protect *.jsp and login.html will not be protected.