• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

problem with security constraints

 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hey,

i am trying to block the put and delete method on all incoming requests using a security constraint in the web.xml ..

for some reason however get post is blocked too

here is my tag



hope somebody can help

thanks
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34071
331
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sebastian,
There are (at least) two implementations that deal with the security constraints in different ways.
1) If you don't specify a method, everybody can access it.
2) If you don't specify a method, nobody can access it.

While we could debate which is "more correct", you are stuck with the implementation chosen by your application server. In your case, that would be approach #2. Can you edit the web.xml to add an entry for get/post to allow the security you want?
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hey,

i changed the dd to the following, but still got the same result: access denied

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic