You've disabled it in the sense that no matter what you type in, you will not be allowed in, but it's not a blackhole or tarpit situation (i.e., the server does NOT respond in ANY way to a PUT or DELETE request). In the case of configuring a null role, the server still responds with an authorization request.

> -----Original Message-----
> From: Adam Hardy [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 08, 2004 4:40 PM
> To: Tomcat Users List
> Subject: Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
>
> What I was implying is that you have effectively disabled it already
> this way.
>
> Or are you able to do PUTs and DELETEs despite the security constraint?
> I'd be surprised.
>
> Adam
>
> On 03/08/2004 11:24 PM James Agnew wrote:
> > So, how would I go about actually preventing PUT and DELETE for all
> > users, logged in or otherwise? I've been hitting my head against this
> > one for some time, with no luck. The solution needs to allow
> > anonymous users to access the site (i.e. no login) and still prevent
> > PUT and DELETE methods.
> >
> > Thanks, James
> >
> >>On 03/08/2004 10:15 AM funkster wrote:
> >>
> >>> <security-constraint>
> >>>   <web-resource-collection>
> >>>     <web-resource-name>Disable Methods</web-resource-name>
> >>>     <url-pattern>/*</url-pattern>
> >>>     <http-method>PUT</http-method>
> >>>     <http-method>DELETE</http-method>
> >>>   </web-resource-collection>
> >>>   <auth-constraint>
> >>>     <role-name></role-name>
> >>>   </auth-constraint>
> >>> </security-constraint>
> >>>
> >>>I was under the impression that by not including a <role-name> value, then
> >>>all PUT and DELETE method requests are disabled since the security
> >>>constraint cannot be linked to a role. However, the fact that it
> >>>doesn't work yet means I'm doing something wrong somewhere!
> >>
> >>Well, you haven't disabled it. You have protected it. As far as I can
> >>tell, you would be required to login first, and then you would be
> >>denied access. (When tomcat finds out that you are not in no roles?!)
> >>
> >>Adam
> >>--
> >>struts 1.1 + tomcat 5.0.16 + java 1.4.2
> >>Linux 2.4.20 Debian
>
> --
> struts 1.1 + tomcat 5.0.16 + java 1.4.2
> Linux 2.4.20 Debian
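
Added example, not part of the original thread and not any poster's configuration: a web.xml fragment that contrasts the constraint quoted above with the form the Servlet specification defines as "deny to everyone", an `<auth-constraint>` that names no roles at all. The Servlet 2.4 deployment descriptor header and the behaviour on Tomcat 5.0.x specifically are assumptions to confirm by test.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumes a Servlet 2.4 descriptor (Tomcat 5.x). -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!--
    As posted in the thread, the constraint names one role whose name is
    the empty string:

      <auth-constraint>
        <role-name></role-name>
      </auth-constraint>

    The container treats that as "a role is required", so the caller is
    asked to authenticate and is refused afterwards, which is the
    authorization request described in the reply above.
  -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Disable Methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- Only these methods are constrained; GET, POST and the rest
           stay open to anonymous users because they are not listed. -->
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <!-- An auth-constraint with no role-name child names no roles. Per
         the Servlet specification, access to the constrained requests
         must not be permitted under any circumstances, for logged-in
         and anonymous callers alike. -->
    <auth-constraint/>
  </security-constraint>

  <!-- No login-config is needed for this constraint: nobody can satisfy
       it, so there is nothing to authenticate for. -->

</web-app>
```

The server still answers a refused PUT or DELETE with an error response, so this is a denial, not the blackhole or tarpit behaviour mentioned in the reply.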
