安全约束未得到应用

Question

我找到了以下配置。

<security-constraint>
        <web-resource-collection> 
            <web-resource-name>DisabledMethods</web-resource-name>
              <url-pattern>/*</url-pattern>
              <http-method>DELETE</http-method>
              <http-method>PUT</http-method>
               <http-method>OPTIONS</http-method>
              <http-method>TRACE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>empty_role</role-name>
        </auth-constraint>
    </security-constraint> 

在这种情况下，仍然允许所有用户使用Trace方法。如何阻止HTTP跟踪方法？请帮忙。我是新手。