In a web.xml url-pattern matcher is there a way to exclude URLs?

By | December 4, 2017

I wrote a filter that needs to be invoked every time a url on my site is accessed EXCEPT the CSS, JS, and IMAGE files. So in my definition I’d like to have something like:

   <url-pattern>NOT /css && NOT /js && NOT /images</url-pattern>

Is there anyway to do this? The only documentation I can find has only /*


I ended up using something similar to an answer provided by Mr.J4mes:

   private static Pattern excludeUrls = Pattern.compile("^.*/(css|js|images)/.*$", Pattern.CASE_INSENSITIVE);
   private boolean isWorthyRequest(HttpServletRequest request) {
       String url = request.getRequestURI().toString();
       Matcher m = excludeUrls.matcher(url);

       return (!m.matches());

I think you can try this one:

@WebFilter(filterName = "myFilter", urlPatterns = {"*.xhtml"})
public class MyFilter implements Filter {

   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
      String path = ((HttpServletRequest) request).getServletPath();

      if (excludeFromFilter(path)) chain.doFilter(request, response);
      else // do something

   private boolean excludeFromFilter(String path) {
      if (path.startsWith("/javax.faces.resource")) return true; // add more page to exclude here
      else return false;


The URL pattern mapping does not support exclusions. This is a limitation of the Servlet specification. You can try the manual workaround posted by Mr.J4mes.


Probably you could declare another “blank” filter for css, js etc, and put it before others filter mapping.


I used the security-constraint to access control. See the code:

        <web-resource-name>Unsecured resources</web-resource-name>

I follow this tutorial.

Leave a Reply

Your email address will not be published. Required fields are marked *