I am working on an application which allows all HTTP methods. Now we have a requirement to disable the HTTP methods PUT, DELETE and TRACE and allow only POST and GET, keeping security in mind. I have googled and got the <security-constraint>
The above is the code used in web.xml, as I am using Tomcat. I have put the code in there; I want to know how I should test whether it's working or not. Please help on tracking this issue.
To test various HTTP methods (GET, POST, PUT, DELETE, HEAD, OPTIONS, and TRACE), you can use Apache Commons HTTP client.
For this you'll have to create a standalone Java client which can utilize the different HTTP methods available with Apache HTTP Client to simulate different HTTP requests.
Thanks for replying. Yeah, what you mentioned is an option, but I want to know whether we have any open source tool to test, or I can say scan, the Tomcat to check whether these methods are working after disabling them in Tomcat's web.xml. If you have any idea about that, it will be very helpful.
I have tried curl from the command line but I did not get any command that helps us to test these conditions; there are GET and POST commands.
I also disabled TRACE in the web.xml, but when I run the curl command for trace, like curl -trace trace.txt, this command is still working; however, as per the constraint it should not work. Maybe I was doing something wrong. If you have any idea about this, it will be very helpful.
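
As an added example (not part of the original posts): curl selects the request method with -X, whereas --trace only writes a debug dump of the transfer to a file, so the script below sends each method with -X and compares the status code with the GET/POST-only policy from the question. The script name, the URL argument and the choice of 403, 405 and 501 as "refused" are assumptions.

```shell
#!/bin/sh
# Added example: check which HTTP methods a web application refuses.
# Usage (script name and URL are assumptions): sh probe_methods.sh http://localhost:8080/myapp/

# Methods the application is meant to serve; every other method should be refused.
ALLOWED="GET POST"

# classify METHOD STATUS: compare the observed status with the policy.
# Assumption: 403, 405 and 501 count as "refused"; 000 means curl got no HTTP reply.
classify() {
    method=$1; status=$2
    case "$status" in
        000)         verdict=error ;;
        403|405|501) verdict=blocked ;;
        *)           verdict=allowed ;;
    esac
    case " $ALLOWED " in
        *" $method "*) want=allowed ;;
        *)             want=blocked ;;
    esac
    if [ "$verdict" = "$want" ]; then
        echo "OK   $method -> $status ($verdict)"
    else
        echo "FAIL $method -> $status ($verdict, expected $want)"
        return 1
    fi
}

# probe METHOD: send one request with that method (-X) and classify the status code.
probe() {
    status=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' -X "$1" "$TARGET")
    classify "$1" "${status:-000}"
}

# Run the probes only when a target URL is given on the command line.
if [ -n "${1:-}" ]; then
    TARGET=$1; rc=0
    for m in GET POST PUT DELETE TRACE OPTIONS; do
        probe "$m" || rc=1
    done
    exit "$rc"
fi
```

The script exits non-zero if any method behaves differently from the policy, so it can also be run after each web.xml change.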