-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Kiran,
On 9/4/15 3:19 PM, Kiran Badi wrote: > I have CRUD Multipart request and I have implemented it correctly > works fine at my local host. > > I have upload upload pdf and tiff files, all this implemented via > ajax call using onchange handler on file input multiple tag. > > The challenge I am having is that doDelete just deletes the file > with the request on server, but their is no protection. > > How do I protect doDelete call from getting misused ? > > Is their something in Tomcat I can use to protect doDelete vals > from getting misused ? How do you do user authentication and authorization? The doDelete method should be protected by default if you have enabled container-managed authentication and authorization. Also, the default doDelete method should be a no-op and therefore safe. If you have implemented your own doDelete method, you can use whatever safety-checks you with in order to prevent misuse. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV6fSSAAoJEBzwKT+lPKRYa60QAJMiKXcobGQ0RK/7e515DKEz DEa34PrMGaiLvrFlw0Y9UwiS3wnUl1isRXycTTuIVFGr6uFUkRvWFcT7d1QM0s2M mm3kIEPbtMQR54Exr0r9zGE1Ds+wWzPz12s/F4B3Wt1WKdqaobPLMTucD1Mvha/M uAOFUBCGNhH7hQnu2w0Vcj9vNoEQnezSrgj8DtovxOT/lfDugJ6P3ToJEIG/tlEn m3qMEkeIqZvGP+fRYHdAxNYoSrOJ3EDvKMxjIOFHWzHNZ/eVBQCn7qg8TaiOPf4f h7q6bS2p0XZzzyXG9vamaMDepVCffXAfiC7Me6gDuPWd+J7/iabAgd8r1qhbKW4B RbzTXKQ7yETYxqIVg3wzTUsCKJ8w/mzmKBz7VierYvrWOI0fu/14MbynZUSySnuq 8fr+tTmAmQddJ34vmiCBfYhhYGBQgNXQM/cL5wS5gpdUufnA5Lzr93rJFEBcAajF DLiOYEkfm+I8XPxP8ih25wceMvdf+y7NCBRu6c6zPb+/aCrjZEMyofS7+b92gK8B AuwK3o2Xhb/vU/NThJXGW/vbzkCQTMJpZuePSP6yMpSjkPuTb7mysKIfqFsmC3dW 6ctigwiYJYkK3xzP8RV4pdNGJTdjxMnWtvx0cDYQ1Zee+55UhJXp5LvKvwTeB8b1 D45cr+g1BxpWZxe4r0Wx =wWvm -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
