try changing
auth-constraint
role-name*/role-name
/auth-constraint
To
auth-constraint /
?
-Original Message-
From: Stephen More [mailto:[EMAIL PROTECTED]
Sent: 25 March 2006 18:25
To: users@tomcat.apache.org
Subject: Disabling put and delete http methods
I am having problems
Urm, what part of 'disabled' don't you understand ;-).
Tomcat has refused to pass on the request to the Servlet, since nobody is
authorized to perform this Method on it (hence the 403 - Forbidden).
Sending 404 is just wrong, since the resource does exist. Sending 405 would
mean that Tomcat is
I am having problems trying to disable put and delete.
I have searched the Internet and they all say the same thing.
Add the following:
security-constraint
web-resource-collection
web-resource-nameDisallowed Location/web-resource-name
url-pattern*/url-pattern
Well, your security-constraint is pretty much of a cluster-f*ck. Firstly,
you need url-pattern/*/url-pattern. Then you need auth-constraint /
(which is deny-from-all, what you have below is
allow-from-authenticated-users).
I'm guessing that there is more that you're not telling us. While