users@glassfish.java.net

Re: Disable HTTP TRACE

From: <glassfish_at_javadesktop.org>
Date: Mon, 07 Dec 2009 20:37:57 PST

What is I modify web.xml file in put something like this in the bottom. Logically thinking I suppose to be able to block trace and options. Correct me if I'm wrong
Thank you

<security-constraint>
    <web-resource-collection>
      <web-resource-name>Blocked</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Blocked </description>
      <role-name>Blocked</role-name>
     </auth-constraint>
  </security-constraint>

  <security-role>
    <description>Blocked</description>
    <role-name>Blocked</role-name>
  </security-role>
[Message sent by forum member 'drumik' ]

http://forums.java.net/jive/thread.jspa?messageID=375288