我想删除不安全的HTTP谓词,例如OPTIONS。我的应用程序是使用jsp,servlet。 我尝试在我的web.xml中使用bellow。但是,我找不到任何解决方案。能帮我解决一下吗?
<security-constraint>
<web-resource-collection>
<web-resource-name>NASApp</web-resource-name>
<description>Security constraint for SIS</description>
<url-pattern>/unchecked/*</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
答案 0 :(得分:0)
以下示例来自http://www.techstacks.com/howto/disable-http-methods-in-tomcat.html,显示了如何为HEAD和GET
禁用除 之外的所有方法 <security-constraint>
<web-resource-collection>
<web-resource-name><strong>restricted methods</strong></web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>POST</http-method>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>
所以在你的情况下,你只会排除你想要允许的动词。
还要注意*的 url-pattern 模式以匹配所有网址。