My jakarta-tomcat-5.0.28/conf/web.xml now contains: <security-constraint> <web-resource-collection> <web-resource-name>Disallowed Location</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint /> </security-constraint>
But when I try to: DELETE /tomcat-docs/changelog.html I get 403 Access Denied instead of a 404 or 405. It does not appear that the DELETE option has been disabled. What else do I need to configure ? -Thanks Steve More On 3/25/06, Bill Barker <[EMAIL PROTECTED]> wrote: > Well, your <security-constraint> is pretty much of a cluster-f*ck. Firstly, > you need <url-pattern>/*</url-pattern>. Then you need <auth-constraint /> > (which is deny-from-all, what you have below is > allow-from-authenticated-users). > > I'm guessing that there is more that you're not telling us. While I'm way > too lazy to test this myself, I'm having trouble believing that your > particular mis-configuration would result in the error you are seeing. > > "Stephen More" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > I am having problems trying to disable put and delete. > I have searched the Internet and they all say the same thing. > > Add the following: > > <security-constraint> > <web-resource-collection> > <web-resource-name>Disallowed Location</web-resource-name> > <url-pattern>*</url-pattern> > <http-method>DELETE</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>*</role-name> > </auth-constraint> > </security-constraint> > > So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart. > While this stops all deletes and puts it is also stopping all gets and > posts too ! > > What am I doing wrong ? I placed it near the end of the file after > the mime-mappings. > > -Thanks > Steve More > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]