Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How to disable HTTP methods on glassfish 2  RSS feed

 
dongngh nguyen
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
dear all,

I'm using Glassfish 2, would any one let's me know how to disable HTTP methods such as PUT, DELETE, OPTIONS...?

I tried some configuration in web.xml as below, but does not work. Any help is very appreciated, thanks in advance.

<security-constraint>
<web-resource-collection>
<web-resource-name><strong>restricted methods</strong></web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the Ranch.

What this does (when it works) is not to disable those methods, but to require authentication, which isn't the same thing. If you have resources in your web app that respond to those methods, you could just remove those resources, no? Anything that extends from HttpServlet will just do nothing, or return an error code, of those methods are used but not implemented.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!