我正在开发一个RESTful Web服务项目,我正在使用Apache Tomcat和JAX-RS。
我想接受来自客户端的DELETE请求,但每当我从Advanced REST客户端Chrome插件发送DELETE请求时,它都会给出响应代码403 Forbidden。
那么我怎样才能让Apche Tomcat接受DELETE请求?
答案 0 :(得分:11)
由于我的CORS过滤器,Tomcat阻止了我的DELETE方法。
我需要在我的web.xml文件中注册新的过滤器。这是一个非常宽容的例子:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Connection,Content-Type,Host,Origin,Referer,Token-Id,User-Agent, X-Requested-With</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
答案 1 :(得分:2)
以下是您可以从Tomcat获取403 Forbidden以获取DELETE请求的原因:
在此servlet处理的每个HTTP DELETE请求中,如下所示 处理应该进行:
如果不允许修改静态资源(由配置参数设置),则返回HTTP状态403(禁止)。
如果尝试从/ META-INF或/ WEB-INF删除资源,则返回HTTP状态403(禁止)。
如果请求的资源不存在,请返回HTTP状态404(未找到)
从包含此Web应用程序的静态资源的目录上下文中取消绑定资源。如果成功,请返回 HTTP状态204(无内容)。否则,返回HTTP状态405 (方法不允许)。
来源:http://tomcat.apache.org/tomcat-5.5-doc/catalina/funcspecs/fs-default.html
确保遵守tomcat规范以避免任何问题。
答案 2 :(得分:2)
还有一个建议,请仔细检查您的呼叫网址,并确保它指向您预期的servlet。
我在代码中输入错误的服务网址时遇到了同样的错误。当我需要api/roles/Service/roles时,我有api/rolesService/roles,修复错误解决了错误。你会期望404,但是在Tomcat上使用DELETE,你得到403.
答案 3 :(得分:-1)
要在tomcat中启用其他http方法,请在web.xml中配置
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>readonly</param-name>
<param-value>false</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
默认情况下,在tomcat中加载参数debug和listings,而默认值readonly为true,这意味着只有GET和POST可用。
其他可用的参数:
debug Debugging detail level for messages logged
by this servlet. [0]
fileEncoding Encoding to be used to read static resources
[platform default]
input Input buffer size (in bytes) when reading
resources to be served. [2048]
listings Should directory listings be produced if there
is no welcome file in this directory? [false]
WARNING: Listings for directories with many
entries can be slow and may consume
significant proportions of server resources.
output Output buffer size (in bytes) when writing
resources to be served. [2048]
readonly Is this context "read only", so HTTP
commands like PUT and DELETE are
rejected? [true]
readmeFile File to display together with the directory
contents. [null]
sendfileSize If the connector used supports sendfile, this
represents the minimal file size in KB for
which sendfile will be used. Use a negative
value to always disable sendfile. [48]
useAcceptRanges Should the Accept-Ranges header be included
in responses where appropriate? [true]