This week's giveaway is in the EJB and other Java EE Technologies forum.
We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line!
See this thread for details.
The moose likes JBoss/WildFly and the fly likes Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level" Watch "Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level" New topic
Author

Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level

Niharika Sharma
Greenhorn

Joined: Sep 06, 2010
Posts: 1
Hi,
For my application running on Jboss 4.2.2, I need to disable the access to the application using HTTP methods like PUT, DELETE, ALLOW, etc. I have done this by adding the <security-constraint> tag to my application's web.xml. However, I want to do this at the Jboss level, instead of the application. I want that my Jboss server should allow only GET and POST requests and forbid the others.

This is what I have added to my web.xml

<security-constraint>
<display-name>excluded</display-name>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>ALLOW</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>

I want to know if it is at all possible to do it at the Jboss level or I have to do it at the application level only. Please help me with this problem.
Thanks in advance
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 9317
    
109

I haven't tried it myself, but I guess you can do this configuration in the JBOSS_HOME/server/< servername>/deploy/jboss-web.deployer/conf/web.xml. That web.xml applies to all applications deployed in that server configuration.

[My Blog] [JavaRanch Journal]
 
wood burning stoves
 
subject: Need to disable access to my application using HTTP methods like PUT, DELETE at Jboss level
 
Similar Threads
direct access to html
restrict access to jsp from WSAD/Websphere
Adding users and roles
Help in Adding two security constraint in web.xml
Problems getting Tomcat to work without Eclipse IDE