Restricting HTTP methods in Java J2EE 6

Last Modified: Fri, 11 Jan 2013 20:43:19 +0000 ; Created: Fri, 11 Jan 2013 20:43:19 +0000

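I found a neat new feature of J2EE 6 which simplifies security configuration of applications. You can now whitelist the allowed HTTP methods in your web.xml instead of blacklisting the unwanted ones. The constraint below applies to every method except those named in <http-method-omission>, and the empty <auth-constraint /> denies access to all of them: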
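	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Disable unneeded HTTP methods by 403 Forbidden them</web-resource-name>
			<!-- "/*" is the path pattern that matches every URL; a bare "*" is not a valid servlet URL pattern -->
			<url-pattern>/*</url-pattern>
			<!-- The constraint covers every HTTP method except the ones omitted here -->
			<http-method-omission>GET</http-method-omission>
			<http-method-omission>HEAD</http-method-omission>
			<http-method-omission>POST</http-method-omission>
		</web-resource-collection>
		<!-- Empty auth-constraint: no role is permitted, so covered methods are refused -->
		<auth-constraint />
	</security-constraint>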
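
A small audit check for the whitelist-versus-blacklist difference described above, as an added example that is not part of the original post. It evaluates deny-all constraints on `/*` the way the servlet descriptor defines them; the function names and both sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip an XML namespace so namespaced and bare web.xml both parse."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def is_denied(web_xml, method):
    """True if a deny-all constraint on /* covers the given HTTP method."""
    for sc in _children(ET.fromstring(web_xml), "security-constraint"):
        auth = _children(sc, "auth-constraint")
        # Only an auth-constraint with no role-name denies every caller.
        if not auth or _children(auth[0], "role-name"):
            continue
        for wrc in _children(sc, "web-resource-collection"):
            patterns = [(p.text or "").strip() for p in _children(wrc, "url-pattern")]
            if "/*" not in patterns:
                continue
            listed = {(m.text or "").strip() for m in _children(wrc, "http-method")}
            omitted = {(m.text or "").strip()
                       for m in _children(wrc, "http-method-omission")}
            # <http-method> names the covered methods; otherwise everything
            # except the <http-method-omission> entries is covered.
            covered = method in listed if listed else method not in omitted
            if covered:
                return True
    return False

def _descriptor(tag, methods):
    """Build a constructed web.xml using <http-method> or <http-method-omission>."""
    rows = "".join(f"<{tag}>{m}</{tag}>" for m in methods)
    return ("<web-app><security-constraint><web-resource-collection>"
            "<web-resource-name>methods</web-resource-name>"
            f"<url-pattern>/*</url-pattern>{rows}</web-resource-collection>"
            "<auth-constraint/></security-constraint></web-app>")

# Constructed samples: the whitelist from the post, and a blacklist for contrast.
WHITELIST = _descriptor("http-method-omission", ["GET", "HEAD", "POST"])
BLACKLIST = _descriptor("http-method", ["PUT", "DELETE", "TRACE", "OPTIONS"])

if __name__ == "__main__":
    for verb in ["GET", "POST", "PUT", "TRACE", "PATCH", "PROPFIND"]:
        print(f"{verb:9} whitelist denied={is_denied(WHITELIST, verb)} "
              f"blacklist denied={is_denied(BLACKLIST, verb)}")
```

Methods the blacklist author did not think of (PATCH, PROPFIND) stay reachable under the blacklist, while the whitelist refuses them without listing them.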

Reference: https://blogs.oracle.com/nithya/entry/new_security_features_in_glassfish