Yup I solved this , just not deleting anything, I am not just setting flag to yes or no.
Thanks Chris. On Fri, Sep 4, 2015 at 3:44 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Kiran, > > On 9/4/15 3:19 PM, Kiran Badi wrote: > > I have CRUD Multipart request and I have implemented it correctly > > works fine at my local host. > > > > I have upload upload pdf and tiff files, all this implemented via > > ajax call using onchange handler on file input multiple tag. > > > > The challenge I am having is that doDelete just deletes the file > > with the request on server, but their is no protection. > > > > How do I protect doDelete call from getting misused ? > > > > Is their something in Tomcat I can use to protect doDelete vals > > from getting misused ? > > How do you do user authentication and authorization? The doDelete > method should be protected by default if you have enabled > container-managed authentication and authorization. > > Also, the default doDelete method should be a no-op and therefore > safe. If you have implemented your own doDelete method, you can use > whatever safety-checks you with in order to prevent misuse. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJV6fSSAAoJEBzwKT+lPKRYa60QAJMiKXcobGQ0RK/7e515DKEz > DEa34PrMGaiLvrFlw0Y9UwiS3wnUl1isRXycTTuIVFGr6uFUkRvWFcT7d1QM0s2M > mm3kIEPbtMQR54Exr0r9zGE1Ds+wWzPz12s/F4B3Wt1WKdqaobPLMTucD1Mvha/M > uAOFUBCGNhH7hQnu2w0Vcj9vNoEQnezSrgj8DtovxOT/lfDugJ6P3ToJEIG/tlEn > m3qMEkeIqZvGP+fRYHdAxNYoSrOJ3EDvKMxjIOFHWzHNZ/eVBQCn7qg8TaiOPf4f > h7q6bS2p0XZzzyXG9vamaMDepVCffXAfiC7Me6gDuPWd+J7/iabAgd8r1qhbKW4B > RbzTXKQ7yETYxqIVg3wzTUsCKJ8w/mzmKBz7VierYvrWOI0fu/14MbynZUSySnuq > 8fr+tTmAmQddJ34vmiCBfYhhYGBQgNXQM/cL5wS5gpdUufnA5Lzr93rJFEBcAajF > DLiOYEkfm+I8XPxP8ih25wceMvdf+y7NCBRu6c6zPb+/aCrjZEMyofS7+b92gK8B > AuwK3o2Xhb/vU/NThJXGW/vbzkCQTMJpZuePSP6yMpSjkPuTb7mysKIfqFsmC3dW > 6ctigwiYJYkK3xzP8RV4pdNGJTdjxMnWtvx0cDYQ1Zee+55UhJXp5LvKvwTeB8b1 > D45cr+g1BxpWZxe4r0Wx > =wWvm > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
