在 Jboss eap 5.x 中禁用 http 方法
Disabling http methods in Jboss eap 5.x
我需要在我的 jboss eap 5.x 服务器中禁用 PUT、DELETE、TRACE、OPTIONS 和 PROPFIND 等 http 方法。你能告诉我在哪个文件中添加安全约束吗?
将下面的代码放在服务器的以下路径中的 web.xml 文件中:\server\default\deployers\jbossweb.deployer
<security-constraint>
<display-name>excluded</display-name>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<!--<http-method>ALLOW</http-method> -->
</web-resource-collection>
<auth-constraint />
</security-constraint>
我需要在我的 jboss eap 5.x 服务器中禁用 PUT、DELETE、TRACE、OPTIONS 和 PROPFIND 等 http 方法。你能告诉我在哪个文件中添加安全约束吗?
将下面的代码放在服务器的以下路径中的 web.xml 文件中:\server\default\deployers\jbossweb.deployer
<security-constraint>
<display-name>excluded</display-name>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<!--<http-method>ALLOW</http-method> -->
</web-resource-collection>
<auth-constraint />
</security-constraint>