I am running two WAR files in a single Tomcat, for example app1 and app2. Now I want to block some of the HTTP methods for app2 alone without touching Tomcat's own web.xml. So I have created a web.xml for app2 and placed it under WEB-INF.
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <!-- An empty auth-constraint names no roles, so the listed methods are denied for every caller -->
    <auth-constraint/>
  </security-constraint>
</web-app>
When I hit the URL host:port/app2/ it gives a 403 response,
but when I hit host:port/app2 I get a 200 response.
Now I have to block the URL host:port/app2 as well. How can I change the url-pattern to achieve this?