I was playing and searching around for how to exclude a URL from the security constraint in the web.xml file in App Engine. For my application everyone has to be authenticated to access anything in the application and I don't want to add every URL to the pattern. So my first security constraint is just the url-pattern to
/* and the role-name to
<security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint>
If you now want to exclude one or more URLs you just have to add another security-constraint and without the auth-constraint tag. This will exclude these URLs.
<security-constraint> <web-resource-collection> <url-pattern>/dataReceiverServlet</url-pattern> </web-resource-collection> </security-constraint>