Not accessible resources configuration

[richard groote]

Hello,

We are currently changing our security from standard JAAS (with login modules and security constraints) to the Pac4J based on JEE filters. The reason is that Pac4J supports more authentication methods out of the box and it's easier to configure.

Currently there is one scenario i don't know how to configure for Pac4J. In our 'old web,xml' we had secure resources, public resources and resources that are not accessible.  For instance there is an 'uploadFile' servlet which is some cases should never be accessible.

So the secure resources are within the 'url-mapping' of the security filter. The public resources are defined within a regular expression and using the path matcher. How can i best handle URI's that should never be accessible.

Kind regards,

Richard