users@glassfish.java.net

Re: disabling HTTP methods

From: <glassfish_at_javadesktop.org>
Date: Sat, 07 Jun 2008 23:01:22 PDT

One way to do this with increased portability is to:
- write a filter that rejects any HttpServletRequest with these methods.

Now, you can declare this filter in web.xml of your web-app in which case it is applied only while one tries to access its context.

For GlassFish, you can declare this filter in default-web.xml in which case, it can apply this to [b] all the web contexts [/b] that are deployed on the server. But be warned that you need to exercise caution to do this.

Hope that helps.

- Kedar
[Message sent by forum member 'km' (km)]

http://forums.java.net/jive/thread.jspa?messageID=278971