This week's book giveaway is in the Other Languages forum.
We're giving away four copies of Functional Reactive Programming and have Stephen Blackheath and Anthony Jones on-line!
See this thread for details.
Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

problem with security constraints

 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hey,

i am trying to block the put and delete method on all incoming requests using a security constraint in the web.xml ..

for some reason however get post is blocked too

here is my tag



hope somebody can help

thanks
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34973
379
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sebastian,
There are (at least) two implementations that deal with the security constraints in different ways.
1) If you don't specify a method, everybody can access it.
2) If you don't specify a method, nobody can access it.

While we could debate which is "more correct", you are stuck with the implementation chosen by your application server. In your case, that would be approach #2. Can you edit the web.xml to add an entry for get/post to allow the security you want?
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hey,

i changed the dd to the following, but still got the same result: access denied

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic