Well, your <security-constraint> is pretty much of a cluster-f*ck. Firstly, you need <url-pattern>/*</url-pattern>. Then you need <auth-constraint /> (which is deny-from-all, what you have below is allow-from-authenticated-users).
I'm guessing that there is more that you're not telling us. While I'm way too lazy to test this myself, I'm having trouble believing that your particular mis-configuration would result in the error you are seeing. "Stephen More" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I am having problems trying to disable put and delete. I have searched the Internet and they all say the same thing. Add the following: <security-constraint> <web-resource-collection> <web-resource-name>Disallowed Location</web-resource-name> <url-pattern>*</url-pattern> <http-method>DELETE</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart. While this stops all deletes and puts it is also stopping all gets and posts too ! What am I doing wrong ? I placed it near the end of the file after the mime-mappings. -Thanks Steve More --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]