For my application running on Jboss 4.2.2, I need to disable the access to the application using HTTP methods like PUT, DELETE, ALLOW, etc. I have done this by adding the <security-constraint> tag to my application's web.xml. However, I want to do this at the Jboss level, instead of the application. I want that my Jboss server should allow only GET and POST requests and forbid the others.
I haven't tried it myself, but I guess you can do this configuration in the JBOSS_HOME/server/< servername>/deploy/jboss-web.deployer/conf/web.xml. That web.xml applies to all applications deployed in that server configuration.