Whenever you want to use BASIC or Form based container authentication, you need to activate this using security constraints in the web.xml. This is all pretty straightforward for as long as you don't mind that everybody including editors need to go through this container security thing. The problem start when you don't want to hassle the editors. In that case read on..
The solution lies in 2 things:
- Add security constraints for all edit side stuff to exclude them for security again
- Rewrite some some urls used for preview so that they can also pass security.
Add this to your web.xml:
Furthermore add these rewrite rules to your httpd.conf in the edit side vhost:
Labels: