Urm, what part of 'disabled' don't you understand ;-).

Tomcat has refused to pass on the request to the Servlet, since nobody is 
authorized to perform this Method on it (hence the 403 - Forbidden). 
Sending 404 is just wrong, since the resource does exist.  Sending 405 would 
mean that Tomcat is incapable of processing a DELETE, rather than simply 
that you aren't allowed to do it.


"Stephen More" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
My jakarta-tomcat-5.0.28/conf/web.xml now contains:

 <security-constraint>
 <web-resource-collection>
  <web-resource-name>Disallowed Location</web-resource-name>
  <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
 </web-resource-collection>
 <auth-constraint />
 </security-constraint>

But when I try to:
DELETE /tomcat-docs/changelog.html

I get 403 Access Denied instead of a 404 or 405.

It does not appear that the DELETE option has been disabled.
What else do I need to configure ?


-Thanks
Steve More


On 3/25/06, Bill Barker <[EMAIL PROTECTED]> wrote:
> Well, your <security-constraint> is pretty much of a cluster-f*ck. 
> Firstly,
> you need <url-pattern>/*</url-pattern>.  Then you need <auth-constraint />
> (which is deny-from-all, what you have below is
> allow-from-authenticated-users).
>
> I'm guessing that there is more that you're not telling us.  While I'm way
> too lazy to test this myself, I'm having trouble believing that your
> particular mis-configuration would result in the error you are seeing.
>
> "Stephen More" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> I am having problems trying to disable put and delete.
> I have searched the Internet and they all say the same thing.
>
> Add the following:
>
> <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Disallowed Location</web-resource-name>
>             <url-pattern>*</url-pattern>
>             <http-method>DELETE</http-method>
>             <http-method>PUT</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>*</role-name>
>         </auth-constraint>
>  </security-constraint>
>
> So I added that to jakarta-tomcat-5.0.28/conf/web.xml and restart.
> While this stops all deletes and puts it is also stopping all gets and
> posts too !
>
> What am I doing wrong ?  I placed it near the end of the file after
> the mime-mappings.
>
> -Thanks
> Steve More
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to