184.108.40.206: Rest Service using Basic Auth - no authentication on subsequent paths
I have run into a problem, which has been bothering me for quite some time now. We are using the Jersey Servlet to create a RESTful webservice. We have configured basic auth in the web.xml and are using the glassfish file realm to provide the required user data. This all has been working pretty well. However, I have to have a path which uses a ID in its path. For instance /myApp/[id]. This resource should be protected using basic auth. A subsequent resource /myApp/[id]/thumb should be open - without any authentication. As far as the security-constraint url-pattern in web.xml goes, this is not possible, as I cannot specify a pattern like myApp/*/thumb to have a different auth-constraint as myApp/*.
Is there any way I can accomplish that?