Well, your <security-constraint> is pretty much of a cluster-f*ck.  Firstly, 
you need <url-pattern>/*</url-pattern>.  Then you need <auth-constraint /> 
(which is deny-from-all, what you have below is 
allow-from-authenticated-users).

I'm guessing that there is more that you're not telling us.  While I'm way 
too lazy to test this myself, I'm having trouble believing that your 
particular mis-configuration would result in the error you are seeing.

"Stephen More" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
I am having problems trying to disable put and delete.
I have searched the Internet and they all say the same thing.

Add the following:

<security-constraint>
        <web-resource-collection>
            <web-resource-name>Disallowed Location</web-resource-name>
            <url-pattern>*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
 </security-constraint>

So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart.
While this stops all deletes and puts it is also stopping all gets and
posts too !

What am I doing wrong ?  I placed it near the end of the file after
the mime-mappings.

-Thanks
Steve More 




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to