Description:

On the basis of using only realms definitions, is it possible to unprotect realm within a more global protecting realm? How can I do it?

Solution:

In order to unprotect some resources in that realm, you need to create a realm but without * character in ResourceFilter definition. Example:

First Realm:

/my_server (protected)
Rule to protect resource: /*

Second Realm to unprotect a specific resource in it:

"Realm for /my_server/my_application"
ResourceFilter: /my_server/my_application/

A more simple way to do it would be to apply the setting in the Web Agent ACO as:

IgnoreUrl="http://www.my_company.com/my_server/my_application/"

By using Web Agent ACO instead, you avoid useless call to the Policy Server to unprotect Resources within a given realm, that make performances better and trouble shooting easier.