How to disable GET requests to JSP page?

后端未结

关注

 2  1427

生来不讨喜 2021-02-09 08:05

I am fixing some old defects and as part of one defect, I need to make sure that some requests are being only POST to the JSP page instead of a GET request. The application have

2条回答

既然无缘 (楼主)

2021-02-09 08:54
Two solutions:
1. Add a with an empty on an of *.jsp and of GET which will block GET requests on JSP files to everyone (as suggested by McDowell):
```
    Restrict GET requests on JSP files
    
        JSP files
        *.jsp
        GET
    
    
 
```
2. Create a Filter which listens on an of *.jsp and does basically the following in the doFilter() method.
```
if (((HttpServletRequest) request).getMethod().equals("GET")) {
    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
} else {
    chain.doFilter(request, response);
}
```
No need to copypaste the same over all JSP pages which would only be prone to IllegalStateException: response already committed errors.
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...