Hi,
For my application running on
Jboss 4.2.2, I need to disable the access to the application using HTTP methods like PUT, DELETE, ALLOW, etc. I have done this by adding the <security-constraint> tag to my application's web.xml. However, I want to do this at the Jboss level, instead of the application. I want that my Jboss server should allow only GET and POST requests and forbid the others.
This is what I have added to my web.xml
<security-constraint>
<display-name>excluded</display-name>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>ALLOW</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
I want to know if it is at all possible to do it at the Jboss level or I have to do it at the application level only. Please help me with this problem.
Thanks in advance