RE: Disabling put and delete http methods...

[Peter Fellwock]

There is not switch at the tomcat configuration level? 

I know apache has one limit where you can specify to block http
methods...

-peter

-Original Message-
From: Anto Paul [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 06, 2005 10:04 PM
To: Tomcat Users List
Subject: Re: Disabling put and delete http methods...

On 6/7/05, Peter Fellwock [EMAIL PROTECTED] wrote:
 Tomcat Gurus:
 
 
 
 How can I disable put and delete http methods?
 

Putting a security constraint in web.xml works. Try this in
applications web.xml. Usually it will be last element in the web.xml.

security-constraint
web-resource-collection
web-resource-nameDisallowed Location/web-resource-name
url-pattern*/url-pattern
http-methodDELETE/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
role-name*/role-name
/auth-constraint
 /security-constraint


-- 
rgds
Anto Paul

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Disabling put and delete http methods...

[Anto Paul]

On 6/7/05, Peter Fellwock [EMAIL PROTECTED] wrote:
 Tomcat Gurus:
 
 
 
 How can I disable put and delete http methods?
 

Putting a security constraint in web.xml works. Try this in
applications web.xml. Usually it will be last element in the web.xml.

security-constraint
web-resource-collection
web-resource-nameDisallowed Location/web-resource-name
url-pattern*/url-pattern
http-methodDELETE/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
role-name*/role-name
/auth-constraint
 /security-constraint


-- 
rgds
Anto Paul

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]