I am fixing some old defects and as part of one defect, I need to make sure that some requests are being only POST to the JSP page instead of a GET request. The application have
Add security constraints to your web.xml prohibiting the request.
Two solutions:

Add a <security-constraint> with an empty <auth-constraint> on an <url-pattern> of *.jsp and an <http-method> of GET, which will block GET requests on JSP files for everyone (as suggested by McDowell):
    <security-constraint>
        <display-name>Restrict GET requests on JSP files</display-name>
        <web-resource-collection>
            <web-resource-name>JSP files</web-resource-name>
            <url-pattern>*.jsp</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint />
    </security-constraint>
Create a Filter which listens on an <url-pattern> of *.jsp and does basically the following in the doFilter() method:
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (((HttpServletRequest) request).getMethod().equals("GET")) {
            // Reject the GET with 405 Method Not Allowed and stop the chain.
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        } else {
            chain.doFilter(request, response);
        }
    }
No need to copy-paste the same over all JSP pages, which would only be prone to IllegalStateException: response already committed errors.