try changing <auth-constraint> <role-name>*</role-name> </auth-constraint>
To <auth-constraint /> ? -----Original Message----- From: Stephen More [mailto:[EMAIL PROTECTED] Sent: 25 March 2006 18:25 To: users@tomcat.apache.org Subject: Disabling put and delete http methods I am having problems trying to disable put and delete. I have searched the Internet and they all say the same thing. Add the following: <security-constraint> <web-resource-collection> <web-resource-name>Disallowed Location</web-resource-name> <url-pattern>*</url-pattern> <http-method>DELETE</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart. While this stops all deletes and puts it is also stopping all gets and posts too ! What am I doing wrong ? I placed it near the end of the file after the mime-mappings. -Thanks Steve More --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLUE> ------------------------------------------------------- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 ------------------------------------------------------- </FONT> <FONT SIZE=1 FACE="VERDANA,ARIAL" COLOR=BLACK> Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose, copy, distribute, or retain this message or any part of it. If you have received this message in error please contact the sender at once so that we may take the appropriate action and avoid troubling you further. Any views expressed in this message are those of the individual sender. QAS Limited has the right lawfully to record, monitor and inspect messages between its employees and any third party. Your messages shall be subject to such lawful supervision as QAS Limited deems to be necessary in order to protect its information, its interests and its reputation. Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee that attachments are virus free or compatible with your systems and does not accept any liability in respect of viruses or computer problems experienced. </FONT> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]