Or are you able to do PUTs and DELETEs despite the security constraint? I'd be surprised.
Adam
On 03/08/2004 11:24 PM James Agnew wrote:
So, how would I go about actually prevent PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods.
Thanks, James
On 03/08/2004 10:15 AM funkster wrote:
<security-constraint> <web-resource-collection> <web-resource-name>Disable Methods</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name></role-name> </auth-constraint> </security-constraint>
I was under the impression that by not including a <role-name> value,
then
all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere!
Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!)
Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
