Disabling http methods in web.xml of application

Asked Mar 10 '17 at 06:14

Active Mar 10 '17 at 06:14

Viewed 1,651 times

I am trying to disable http methods like PUT, DELETE, TRACE, OPTIONS and PROPFIND. I have made the few changes in my web.xml file of my application but the methods are still enabled. Following is the code snippet:

<security-constraint>
    <display-name>Restrict raw XHTML Documents</display-name>
    <web-resource-collection>
        <web-resource-name>XHTML</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>


<security-constraint>
    <web-resource-collection>
    <web-resource-name>Restricted Methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
</security-constraint>

asked Mar 10 '17 at 06:14

Coder200

They are not disabled for .xhtml files – Maurice Perry Mar 10 '17 at 06:24
Hi, did you mean the methods cannot be disabled for .xhtml files or it is not mentioned in the first block? If the former, is there any way of disabling them? – Coder200 Mar 10 '17 at 06:44

Disabling http methods in web.xml of application

0 Answers0