Mark,

On 8/10/14, 4:44 AM, Mark Thomas wrote:
> On 09/08/2014 13:31, Christopher Schultz wrote:
>> Rob,
>>
>> On 8/8/14, 7:50 PM, Rob Silver wrote:
>>> Is it true that by default on an Apache Tomcat 7.025 server
>>> RESTFUL verbs are enabled as part of the HTTP protocol Tomcat
>>> uses?
>>
>> Tomcat does not filter HTTP verbs other than TRACE out of the
>> box. If you implement HttpServlet.service() then you can accept
>> any verb you want.
>>
>>> In other words, if I had a restful web application - perhaps a
>>> spring mvc one would it work out of the box as far as security
>>> constraints go?
>>
>> Security constraints and HTTP verbs are not really related.
>
> Huh? Security constraints allow you to define the HTTP verbs they
> apply to.

The OP was asking about built-in Tomcat restrictions against any of
this stuff. While security constraints can be applied to certain HTTP
verbs, one has to do that kind of thing oneself; I would therefore
expect that the OP would be aware of any self-imposed constraints.

> Note: It is generally a bad idea to do this (because of HTTP verb
> tampering) unless you are very careful and understand exactly what
> you are doing.

+1

Apache httpd's <LimitExcept> is a great feature. It's too bad web.xml
is not quite so explicit about that kind of thing.

-chris
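
The caveat in this message about constraints that name specific verbs can be checked in a deployment descriptor: a `<security-constraint>` whose collection lists `<http-method>` elements applies only to those verbs, and one that uses `<http-method-omission>` skips the verbs it names. The Python audit below is an added example, not code from the thread or from Tomcat; the descriptors, the `admin` resource name and the `uncovered_methods` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Verbs reported on; extension verbs are equally uncovered when a list is used.
STANDARD = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed descriptor template (not from the thread); %s is the verb list.
TEMPLATE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      %s
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
WEAK = TEMPLATE % "<http-method>GET</http-method><http-method>POST</http-method>"
STRICT = TEMPLATE % ""  # no verb elements: the constraint covers every method


def local(tag):
    """Drop an XML namespace prefix so namespaced descriptors parse too."""
    return tag.rsplit("}", 1)[-1]


def children(elem, name):
    return [c for c in elem if local(c.tag) == name]


def uncovered_methods(web_xml):
    """Map each web-resource-name to the standard verbs its collection skips.

    Reported per collection; another constraint may still cover the gap.
    """
    findings = {}
    root = ET.fromstring(web_xml)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        for wrc in children(sc, "web-resource-collection"):
            name = children(wrc, "web-resource-name")[0].text.strip()
            listed = {m.text.strip() for m in children(wrc, "http-method")}
            omitted = {m.text.strip() for m in children(wrc, "http-method-omission")}
            # A verb list limits the constraint to those verbs; an omission
            # list excludes its verbs; neither means all verbs are covered.
            gap = STANDARD - listed if listed else STANDARD & omitted
            findings[name] = sorted(gap)
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("strict", STRICT)):
        print(label, uncovered_methods(doc))
```

An empty list for a collection means the constraint applies to every verb, which is the form that does not depend on enumerating methods correctly.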