The servlet filter defined for the context-root filters requests for all the content present in the web root, except the login page or pages mentioned in the web.xml file as "bypass.uri". When the servlet filter receives the request for a resource, it validates the request session ID. If the request session ID is valid, it redirects to the particular resource. If the request session ID is invalid, it redirects to the login page. The servlet filter definition is stored in the web.xml file and url-pattern element contains all the URLs that need filter authentication.
If you want to add certain URLs for which the filter authentication should not be applied, add a config-param element for each such URL in the web.xml (located inside your EARFILE/WARFILE/WEB-INF) file as follows:
<config-param>
<param-name>bypass.uri.1</param-name>
<param-value>/console/login.jsp</param-value>
</config-param>
<config-param>
<param-name>bypass.uri.2</param-name>
<param-value>/console/start.jsp</param-value>
</config-param>
<config-param>
<param-name>bypass.uri.3</param-name>
<param-value>/console/public/screens</param-value>
</config-param>
where param-value element contains the URI for which you do not want filter authentication.
Also, if you want all the files in a particular folder to be bypassed from filter authentication, specify the folder path from the context root as the bypass URI in the param-value element.