aspose file tools*
The moose likes Servlets and the fly likes problem with security constraints Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "problem with security constraints" Watch "problem with security constraints" New topic
Author

problem with security constraints

Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
hey,

i am trying to block the put and delete method on all incoming requests using a security constraint in the web.xml ..

for some reason however get post is blocked too

here is my tag



hope somebody can help

thanks


JDBCSupport - An easy to use, light-weight JDBC framework -
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29257
    
140

Sebastian,
There are (at least) two implementations that deal with the security constraints in different ways.
1) If you don't specify a method, everybody can access it.
2) If you don't specify a method, nobody can access it.

While we could debate which is "more correct", you are stuck with the implementation chosen by your application server. In your case, that would be approach #2. Can you edit the web.xml to add an entry for get/post to allow the security you want?


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
hey,

i changed the dd to the following, but still got the same result: access denied

 
wood burning stoves
 
subject: problem with security constraints
 
Similar Threads
Filter only GET Methods
Understanding security constraint in ewb.xml
Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level
SSL and certificates Configuration in WebSphere Application Server 7
If http-method is not specified, then nobody can access the resource ?