How to Disable HTTP Method (OPTIONS, HEAD, ...) In GlassFish 3.1 Server

Question

I am looking to disable the HTTP Methods that are not in use like OPTIONS, HEAD in a GlassFish 3.1 Server.
Thank you.

Update:
Currently, I have implemented a filter that checks for the HTTP method of the request, and reject the non supported ones. When I say,

response.sendError(HttpServletResponse.SC_NOT_FOUND);

The response contains header

Allow: TRACE, OPTIONS

Which are not supported by my application.

score 1 · Answer 1 · answered Jun 24 '18 at 17:41

Add below configurations to your application web.xml file.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>                
            </web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>OPTIONS</http-method>
            <http-method>HEAD</http-method>
        </web-resource-collection>
        <auth-constraint />
    </security-constraint>

</<web-app>

How to Disable HTTP Method (OPTIONS, HEAD, ...) In GlassFish 3.1 Server

1 Answers1