So, how would I go about actually prevent PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods.
Thanks, James > On 03/08/2004 10:15 AM funkster wrote: > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Disable Methods</web-resource-name> > > <url-pattern>/*</url-pattern> > > <http-method>PUT</http-method> > > <http-method>DELETE</http-method> > > </web-resource-collection> > > <auth-constraint> > > <role-name></role-name> > > </auth-constraint> > > </security-constraint> > > > > I was under the impression that by not including a <role-name> value, then > > all PUT and DELETE method requests are disabled since the security > > constraint cannot be linked to a role. However, the fact that it doesn't > > work yet means I'm doing something wrong somewhere! > > Well, you haven't disabled it. You have protected it. As far as I can > tell, you would be required to login first, and then you would be denied > access. (When tomcat finds out that you are not in no roles?!) > > Adam > -- > struts 1.1 + tomcat 5.0.16 + java 1.4.2 > Linux 2.4.20 Debian > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
