We are hosting a web application on Apache 2, which contains both secured resources and login handler under the same document root. The JWT token is generated by the login handler and will be passed to all subsequent UI request. Is there any configuration to whitelist few resources to by pass validation of JWT token as Login handler related UI resources won't be getting JWT token.
Yes it is possible.
Have a look on RequireAll and RequireAny directives. You can either require the user to be valid (default), or require the URL to be one of a whiltelist.
We are hosting a web application on Apache 2, which contains both secured resources and login handler under the same document root. The JWT token is generated by the login handler and will be passed to all subsequent UI request. Is there any configuration to whitelist few resources to by pass validation of JWT token as Login handler related UI resources won't be getting JWT token.