
I'm running a web application under Tomcat server. Different servlets are configured using Tomcat's web.xml.

I'm looking for a convenient way to restrict access to specific METHODS of specific URLS so that only these METHODS can be accessed using an Authorization header while others can be accessed without any restriction.

For instance, for URL http://localhost:8080/my/servlet1, GET and OPTIONS can be accessed by any user, while POST and PUT must be authorized with a username and a password, but for URL http://localhost:8080/my/servlet2, all methods are open.

How can I implement that?

Thanks

Forepick

1 Answer


The lowest-level API that allows you to do all sorts of filtering based on the context of the HTTP request is the javax/servlet/Filter.

You implement a filter class that can restrict on the basis of HTTP method and any other criteria you choose. You register the filter on your web.xml and you add rules for which paths it is filtering.

Here is a walkthrough on applying such a filter.

If you happen to be using more than just a naked Tomcat for your application, and you are using Spring Boot on top of it, you could use their flavor of filters. This is an example for that case.
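
A sketch of the kind of filter the answer describes, added here as an example (it is not code from the answer or its linked pages). It assumes HTTP Basic credentials supplied through a hypothetical `credentials` init-param, and it goes slightly beyond the question by requiring credentials for every method other than GET and OPTIONS, so that an unlisted method such as DELETE or PATCH is not left open.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Register in web.xml with a <filter-mapping> that covers servlet1's URL pattern only;
// servlet2 gets no mapping and therefore stays open for all methods.
public class MethodAuthFilter implements Filter {
    // Fail closed: only these methods pass without credentials (case-sensitive match).
    private static final Set<String> OPEN = new HashSet<>(Arrays.asList("GET", "OPTIONS"));
    private byte[] expected; // bytes of "user:password"

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String cred = cfg.getInitParameter("credentials"); // hypothetical init-param name
        if (cred == null) throw new ServletException("credentials init-param missing");
        expected = cred.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        if (OPEN.contains(http.getMethod()) || authorized(http.getHeader("Authorization"))) {
            chain.doFilter(req, res); // allowed: hand over to the servlet
            return;
        }
        HttpServletResponse out = (HttpServletResponse) res;
        out.setHeader("WWW-Authenticate", "Basic realm=\"servlet1\"");
        out.sendError(HttpServletResponse.SC_UNAUTHORIZED); // 401, servlet never runs
    }

    private boolean authorized(String header) {
        // Expect "Basic <base64(user:password)>"; anything else is rejected.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        try {
            byte[] got = Base64.getDecoder().decode(header.substring(6).trim());
            return MessageDigest.isEqual(got, expected); // constant-time comparison
        } catch (IllegalArgumentException malformedBase64) {
            return false;
        }
    }

    @Override public void destroy() { }
}
```

Because Basic credentials are only base64-encoded, the protected URL should be served over HTTPS, and a real deployment would check the decoded credentials against a user store instead of a single init-param.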