Disabling http methods in Jboss eap 5.x

Question

I need to disable http methods like PUT, DELETE, TRACE, OPTIONS and PROPFIND in my jboss eap 5.x server. Can you please tell me in which file to add the security constraints?

see if this post help you http://stackoverflow.com/questions/41035666/how-to-disable-http-options-method-in-jboss — itzhar, Mar 14 '17 at 11:41
I have gone through this post but I am not too sure where to use RewriteValve in my server configuration and I have tried using the security constraints in my web.xml but it did not work. Kindly help. — Souvik Paul, Mar 14 '17 at 12:07

score 0 · Accepted Answer · answered Mar 15 '17 at 10:28

Place the code below in web.xml file present in the following path of your server : \server\default\deployers\jbossweb.deployer

<security-constraint> 
    <display-name>excluded</display-name> 
    <web-resource-collection> 
    <web-resource-name>No Access</web-resource-name> 
    <url-pattern>/*</url-pattern> 
    <http-method>DELETE</http-method> 
    <http-method>PUT</http-method> 
    <http-method>HEAD</http-method> 
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method> 
    <!--<http-method>ALLOW</http-method> -->
    </web-resource-collection> 
    <auth-constraint /> 
</security-constraint>

Disabling http methods in Jboss eap 5.x

1 Answers1