| Author |
Disabling Servlet HTTP methods PUT,GET,POST,DELETE,TRACE and to check they are working or not
|
Pawan Salwan
Greenhorn
Joined: Nov 22, 2012
Posts: 4
|
|
I am working on an application which allows all HTTP methods. Now we have a requirement of disabling HTTP methods PUT, DELETE, TRACE and allowing only POST and GET, keeping security in mind. I have googled and got the
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <!-- empty auth-constraint: no role is allowed to use the methods listed above -->
  <auth-constraint />
</security-constraint>
above is the code used in web.xml as I am using Tomcat. I have put the code in there; I want to know how I should test if it's working or not. Please help on tracking this issue.
|
 |
N Sahni
Ranch Hand
Joined: Jul 07, 2011
Posts: 55
|
|
Hi Pawan,
Welcome to the Ranch
To test various HTTP methods (GET, POST, PUT, DELETE, HEAD, OPTIONS, and TRACE), you can use Apache Commons HTTP client.
For this you'll have to create a standalone Java client which can utilize the different HTTP methods available with Apache HTTP Client to simulate different HTTP requests.
|
Thanks and Regards,
Nilesh Sahni | nsahni@infocepts.com | www.infocepts.com
|
 |
Pawan Salwan
Greenhorn
Joined: Nov 22, 2012
Posts: 4
|
|
Hi Nilesh,
Thanks for replying. Yeah, what you mentioned is an option, but I want to know: do we have any open source tool to test, or I can say scan, the Tomcat to check whether these methods are working after disabling them in Tomcat's web.xml? If you have any idea about that it will be very helpful.
|
 |
N Sahni
Ranch Hand
Joined: Jul 07, 2011
Posts: 55
|
|
There are some tools available:
For Windows: WFetch
For Linux: use curl
|
 |
Pawan Salwan
Greenhorn
Joined: Nov 22, 2012
Posts: 4
|
|
N Sahni wrote: There are some tools available:
For Windows: WFetch
For Linux: use curl
I have tried curl from the command line but I did not get any command that helps us to test these conditions; there are get and post commands. I also disabled TRACE in the web.xml, but when I run the curl command for trace, like curl -trace trace.txt, this command is still working; however, as per the constraint it should not work. Maybe I was doing something wrong. If you have any idea about this it will be very helpful.
Regards,
Pawan Salwan
|
 |
N Sahni
Ranch Hand
Joined: Jul 07, 2011
Posts: 55
|
|
I have tried curl from the command line but I did not get any command that helps us to test these conditions; there are get and post commands.
Below are some samples for the curl command:
GET: curl -HAccept:text/plain http://example.com/base
DELETE: curl -XDELETE http://example.com/base/user/123
POST: curl -d "param1=value1&param2=value2" http://example.com/base/
curl -X is used to specify a custom HTTP request method. Please refer to the Curl Manual Page.
|
 |
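As an added example (not part of the thread and not any poster's code), the check asked about above can be scripted with curl: each method is sent with -X and the status code is compared with what the posted security-constraint should produce. The function names, the script name in the last comment and the status mapping (403, 405 or 501 counted as blocked) are assumptions of this example, as is a target URL that normally answers both GET and POST.

```shell
#!/bin/sh
# Added example: verify a web.xml method restriction from the outside.

# Methods the posted constraint lists, and the ones that must keep working.
DENIED="PUT DELETE OPTIONS TRACE"
PERMITTED="GET POST"

# Map an HTTP status code to what it says about the method (assumed mapping).
classify_status() {
    case "$1" in
        403|405|501) echo blocked ;;       # refused by constraint, connector or servlet
        2??|3??)     echo allowed ;;       # the request was processed
        *)           echo inconclusive ;;  # 000 = no connection, 404 = wrong URL, ...
    esac
}

# Compare the observed status with the expected outcome for a method.
verdict() {   # usage: verdict <blocked|allowed> <status code>
    got=$(classify_status "$2")
    if [ "$got" = "$1" ]; then echo PASS
    elif [ "$got" = inconclusive ]; then echo CHECK
    else echo FAIL
    fi
}

# Send one request with the given method and print only the status code.
# -X sets the request method; --trace is curl's own debug log, not HTTP TRACE.
probe() {     # usage: probe <METHOD> <URL>
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 -X "$1" "$2"
}

# Probe every method against one URL; non-zero return if anything is not PASS.
check_url() {
    rc=0
    for m in $DENIED; do code=$(probe "$m" "$1"); v=$(verdict blocked "$code")
        echo "$v $m -> $code (expected blocked)"; [ "$v" = PASS ] || rc=1; done
    for m in $PERMITTED; do code=$(probe "$m" "$1"); v=$(verdict allowed "$code")
        echo "$v $m -> $code (expected allowed)"; [ "$v" = PASS ] || rc=1; done
    return $rc
}

# Runs only when a URL is given, e.g.: sh check_methods.sh http://localhost:8080/myapp/
if [ -n "${1:-}" ]; then check_url "$1"; fi
```

A CHECK line means the status code says nothing about the method itself, so fix the URL or connectivity and rerun before trusting the result.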