Urm, what part of 'disabled' don't you understand ;-). Tomcat has refused to pass on the request to the Servlet, since nobody is authorized to perform this Method on it (hence the 403 - Forbidden). Sending 404 is just wrong, since the resource does exist. Sending 405 would mean that Tomcat is incapable of processing a DELETE, rather than simply that you aren't allowed to do it.
"Stephen More" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] My jakarta-tomcat-5.0.28/conf/web.xml now contains: <security-constraint> <web-resource-collection> <web-resource-name>Disallowed Location</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint /> </security-constraint> But when I try to: DELETE /tomcat-docs/changelog.html I get 403 Access Denied instead of a 404 or 405. It does not appear that the DELETE option has been disabled. What else do I need to configure ? -Thanks Steve More On 3/25/06, Bill Barker <[EMAIL PROTECTED]> wrote: > Well, your <security-constraint> is pretty much of a cluster-f*ck. > Firstly, > you need <url-pattern>/*</url-pattern>. Then you need <auth-constraint /> > (which is deny-from-all, what you have below is > allow-from-authenticated-users). > > I'm guessing that there is more that you're not telling us. While I'm way > too lazy to test this myself, I'm having trouble believing that your > particular mis-configuration would result in the error you are seeing. > > "Stephen More" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > I am having problems trying to disable put and delete. > I have searched the Internet and they all say the same thing. > > Add the following: > > <security-constraint> > <web-resource-collection> > <web-resource-name>Disallowed Location</web-resource-name> > <url-pattern>*</url-pattern> > <http-method>DELETE</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>*</role-name> > </auth-constraint> > </security-constraint> > > So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart. > While this stops all deletes and puts it is also stopping all gets and > posts too ! > > What am I doing wrong ? I placed it near the end of the file after > the mime-mappings. > > -Thanks > Steve More > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]