, February 26, 2005 3:33 PM
Subject: Re: How to disable PUT, DELETE http methods etc if not using
container managed security?
For TC 5.x.x, you need two security-constraints to do what you want. One
of them looks like your first example, and the other like your second
example (except
: How to disable PUT, DELETE http methods etc if not using
container managed security?
For TC 5.x.x, you need two security-constraints to do what you want. One
of them looks like your first example, and the other like your second
example (except that you probably want auth-constraint /, which
transport-guaranteeCONFIDENTIAL/transport-guarantee means that request
must be encrypted (use ssl)
Unless the default servlet (in conf/web.xml) is configured to allow put and
delete - there is not worry. (As long as your don't write any servlets to
handle put and delete)
-Tim
Ted Anagnost
For TC 5.x.x, you need two security-constraints to do what you want. One of
them looks like your first example, and the other like your second example
(except that you probably want auth-constraint /, which is deny all,
instead of role-name/ which is deny to all but the blank role). Since you
Is there a way to prevent PUT or DELETE http methods if you're not using
container managed security? If so, how?
I already have this to force the use of https:
security-constraint
web-resource-collection
web-resource-nameProtected Context/web-resource-name