security-constraint

Disabling PUT TRACE DELETE request in Apache Tomcat 6.0

非 Y 不嫁゛ 提交于 2019-11-29 02:01:34
I need to disable PUT, DELETE & TRACE HTTP requests on my Application Server, Apache Tomcat 6.0. All other sources, i have searched till now, have directed me towards the limit parameter in httpd.conf , Hence I'd put it before-hand that I am not using Apache Web Server, and requests are directly being handled by Tomcat, and so there is no httpd.conf in picture. Please suggest how should I do it on Tomcat? James Schek Inside your WEBINF, add you can add a security constraint: <security-constraint> <web-resource-collection> <web-resource-name>Forbidden</web-resource-name> <url-pattern>/blah/*<

<partial-response> XML shown as plain text after ajax redirect on security constraint in WildFly

狂风中的少年 提交于 2019-11-28 01:59:11
I've got this weird problem with ajax redirect on a security constraint: When an ajax call is made (by clicking on a sortable p:dataTable column or when a p:poll triggers) on a role-secured page after my session timed out, a <partial-response><redirect-url=... XML from OmniFaces is shown on the screen. When I remove OmniFaces, the ajax calls seem to fail silently and I don't get the XML shown. Security is configured as following in web.xml: <security-constraint> <web-resource-collection> <web-resource-name>Pages</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth

Precedence of security-constraint over filters in Servlets

谁说胖子不能爱 提交于 2019-11-27 16:43:49
问题 While studying about security-constraints and filters in servlets, I made the following declarations in the web.xml file, which didn't work as I expected: <security-constraint> <web-resource-collection> <web-resource-name>BeerSelector</web-resource-name> <url-pattern>/SelectBeer.do</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>Admin</role-name> </auth-constraint> </security-constraint> <filter> <filter-name

Is security-constraint configuration for Tomcat mandatory?

安稳与你 提交于 2019-11-27 07:26:49
In order to do an SSL Configuration testing under Tomcat, is this all mandatory? This below line is taken from a website : In order to do this for our test, take any application which has already been deployed successfully in Tomcat and first access it through http and https to see if it works fine. If yes, then open the web.xml of that application and just add this XML fragment before web-app ends i.e </web-app> : <security-constraint> <web-resource-collection> <web-resource-name>securedapp</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint>

Whitelist security constraint in web.xml

∥☆過路亽.° 提交于 2019-11-27 01:49:31
I'm using Tomcat for my Struts2 application. The web.xml has certain entries as shown below: <security-constraint> <web-resource-collection> <web-resource-name>restricted methods</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint /> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>no_access</web-resource-name> <url-pattern>/jsp/*</url-pattern> </web-resource-collection> <auth-constraint/> </security-constraint>

Whitelist security constraint in web.xml

﹥>﹥吖頭↗ 提交于 2019-11-26 09:48:30
问题 I\'m using Tomcat for my Struts2 application. The web.xml has certain entries as shown below: <security-constraint> <web-resource-collection> <web-resource-name>restricted methods</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint /> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>no_access</web-resource-name>
订阅 security-constraint