Violeta Georgieva <[email protected]> wrote: >2013/6/20 <[email protected]> >> >> Author: markt >> Date: Thu Jun 20 10:38:49 2013 >> New Revision: 1494915 >> >> URL: http://svn.apache.org/r1494915 >> Log: >> Servlet 3.1 Implement the new deny-uncovered-http-methods element in >> server.xml
That should have said web.xml >That's for the xml but what about annotations? Good catch. I think we probably do need to check those but I want to re-read the spec and the EG discussion to be sure. >We are processing them when loading the servlet. >Shouldn't we add check for uncovered methods to the >o.a.catalina.core.StandardContext.addServletSecurity(...): I don't have the code to hand right now so I'm not sure about that. It isn't where I immediately thought of but it might be a better place to do it. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
