aspose file tools*
The moose likes JBoss/WildFly and the fly likes Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level" Watch "Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level" New topic
Author

Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level

Niharika Sharma
Greenhorn

Joined: Sep 06, 2010
Posts: 1
Hi,
For my application running on Jboss 4.2.2, I need to disable the access to the application using HTTP methods like PUT, DELETE, ALLOW, etc. I have done this by adding the <security-constraint> tag to my application's web.xml. However, I want to do this at the Jboss level, instead of the application. I want that my Jboss server should allow only GET and POST requests and forbid the others.

This is what I have added to my web.xml

<security-constraint>
<display-name>excluded</display-name>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>ALLOW</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>

I want to know if it is at all possible to do it at the Jboss level or I have to do it at the application level only. Please help me with this problem.
Thanks in advance
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10266
    
168

I haven't tried it myself, but I guess you can do this configuration in the JBOSS_HOME/server/< servername>/deploy/jboss-web.deployer/conf/web.xml. That web.xml applies to all applications deployed in that server configuration.

[My Blog] [JavaRanch Journal]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level