web.xml <url-pattern> and <security-constraint> using RESTfull url

While using tomcat 6 on java6 with jax-rs (jersey), I'd like my clients to be able to 开发者_StackOverflow社区http GET /order but not GET /order/42

If I put something like /order/* it also matches /order

ie:

  <web-resource-collection>
     <web-resource-name>show a specific order</web-resource-name>
     <url-pattern>/order/*</url-pattern>
     <http-method>GET</http-method>
  </web-resource-collection>

If I http://localhost/order -> 401 same story for http://localhost/order/42

I believe this is not achievable with web.xml but just in case...

As a workaround,

You can configure a Filter at /order/* and check for the URL. if its /order/something redirect it to secured URL