I am working on application which allow all HTTP methods now we have requirement of disabling HTTP methods PUT,DELETE,TRACE and allow only POST and GET keeping security in mind. I have googled and got the <security-constraint>
<web-resource-collection>
<web-resource-name><strong>restricted methods</strong></web-resource-name>
<url-pattern><strong>/*</strong></url-pattern>
<http-method><strong>PUT</strong></http-method>>
<http-method><strong>DELETE</strong></http-method>
<http-method><strong>OPTIONS</strong></http-method>
<http-method><strong>TRACE</strong></http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
above is the code used in web.xml as i am using
tomcat. I have put the code in there, i want to know how should i
test if its working or not. Pleaseeee help on tracking this issue.