Can I exclude some concrete urls from <url-pattern> inside <filter-mapping>?

The standard Servlet API doesn't support this facility. You may want either to use a rewrite-URL filter for this like Tuckey's one (which is much similar Apache HTTPD's mod_rewrite), or to add a check in the doFilter() method of the Filter listening on /*.

String path = ((HttpServletRequest) request).getRequestURI();if (path.startsWith("/specialpath/")) {    chain.doFilter(request, response); // Just continue chain.} else {    // Do your business stuff here for all paths other than /specialpath.}

You can if necessary specify the paths-to-be-ignored as an init-param of the filter so that you can control it in the web.xml anyway. You can get it in the filter as follows:

private String pathToBeIgnored;public void init(FilterConfig config) {    pathToBeIgnored = config.getInitParameter("pathToBeIgnored");}

If the filter is part of 3rd party API and thus you can't modify it, then map it on a more specific url-pattern, e.g. /otherfilterpath/* and create a new filter on /* which forwards to the path matching the 3rd party filter.

String path = ((HttpServletRequest) request).getRequestURI();if (path.startsWith("/specialpath/")) {    chain.doFilter(request, response); // Just continue chain.} else {    request.getRequestDispatcher("/otherfilterpath" + path).forward(request, response);}

To avoid that this filter will call itself in an infinite loop you need to let it listen (dispatch) on REQUEST only and the 3rd party filter on FORWARD only.

See also:

• How to prevent static resources from being handled by front controller servlet which is mapped on /*
• How to handle static content in Spring MVC?

I used an approach described by Eric Daugherty: I created a special servlet that always answers with 403 code and put its mapping before the general one.

Mapping fragment:

  <servlet>    <servlet-name>generalServlet</servlet-name>    <servlet-class>project.servlet.GeneralServlet</servlet-class>  </servlet> <servlet>    <servlet-name>specialServlet</servlet-name>    <servlet-class>project.servlet.SpecialServlet</servlet-class> </servlet> <servlet-mapping>    <servlet-name>specialServlet</servlet-name>    <url-pattern>/resources/restricted/*</url-pattern> </servlet-mapping> <servlet-mapping>    <servlet-name>generalServlet</servlet-name>    <url-pattern>/resources/*</url-pattern> </servlet-mapping>

And the servlet class:

public class SpecialServlet extends HttpServlet {    public SpecialServlet() {        super();    }    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {        response.sendError(HttpServletResponse.SC_FORBIDDEN);    }    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {        response.sendError(HttpServletResponse.SC_FORBIDDEN);    }}

This approach works when you want to prevent a certain filter and all the following ones. It should work well if you eg. want to serve some content as static resources within your servlet container instead of letting your application logic (through a filter like GuiceFilter):

Map the folder with your static resource files to the default servlet. Create a servlet filter and put it before the GuiceFilter in your web.xml. In your created filter, you can separate between forwarding some requests to the GuiceFilter and others directly to the dispatcher. Example follows...

web.xml

<servlet-mapping>    <servlet-name>default</servlet-name>    <url-pattern>/static/*</url-pattern></servlet-mapping><filter>    <filter-name>StaticResourceFilter</filter-name>    <filter-class>com.project.filter.StaticResourceFilter</filter-class></filter><filter-mapping>    <filter-name>StaticResourceFilter</filter-name>    <url-pattern>/static/*</url-pattern></filter-mapping><filter>    <filter-name>guiceFilter</filter-name>    <filter-class>com.google.inject.servlet.GuiceFilter</filter-class></filter><filter-mapping>    <filter-name>guiceFilter</filter-name>    <url-pattern>/*</url-pattern></filter-mapping>

StaticResourceFilter.class

public class StaticResourceFilter implements Filter {    private final static Logger LOGGER = LoggerFactory.getLogger(StaticResourceFilter.class);    private static final String RESOURCE_PATH = "/static/";    @Override    public void init(final FilterConfig filterConfig) throws ServletException {        LOGGER.info("StaticResourceFilter initialized");    }    @Override    public void doFilter(final ServletRequest request, final ServletResponse response,                         final FilterChain chain) throws IOException, ServletException {        String path = ((HttpServletRequest) request).getServletPath();        if (path.toLowerCase().startsWith(RESOURCE_PATH)) {            request.getRequestDispatcher(path).forward(request, response);        } else {            chain.doFilter(request, response);        }    }    @Override    public void destroy() {        LOGGER.info("StaticResourceFilter destroyed");    }}

Unfortunately if you just want to skip a single step in the filter chain while keeping those that follows, this will not work.