jQuery in Action, 2nd edition*
The moose likes JBoss/WildFly and the fly likes Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level" Watch "Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level" New topic
Author

Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level

Niharika Sharma
Greenhorn

Joined: Sep 06, 2010
Posts: 1
Hi,
For my application running on Jboss 4.2.2, I need to disable the access to the application using HTTP methods like PUT, DELETE, ALLOW, etc. I have done this by adding the <security-constraint> tag to my application's web.xml. However, I want to do this at the Jboss level, instead of the application. I want that my Jboss server should allow only GET and POST requests and forbid the others.

This is what I have added to my web.xml

<security-constraint>
<display-name>excluded</display-name>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>ALLOW</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>

I want to know if it is at all possible to do it at the Jboss level or I have to do it at the application level only. Please help me with this problem.
Thanks in advance
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 9947
    
161

I haven't tried it myself, but I guess you can do this configuration in the JBOSS_HOME/server/< servername>/deploy/jboss-web.deployer/conf/web.xml. That web.xml applies to all applications deployed in that server configuration.

[My Blog] [JavaRanch Journal]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level
 
Similar Threads
Adding users and roles
Help in Adding two security constraint in web.xml
Problems getting Tomcat to work without Eclipse IDE
direct access to html
restrict access to jsp from WSAD/Websphere