Last Modified: Fri, 11 Jan 2013 20:43:19 +0000 ; Created: Fri, 11 Jan 2013 20:43:19 +0000
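I found a neat new feature of J2EE 6 that simplifies security configuration of applications. You can now whitelist the allowed HTTP methods in your web.xml instead of blacklisting the ones you want to block. Each <http-method-omission> names a method that is exempt from the constraint, and the empty <auth-constraint /> denies every other method: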
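<security-constraint>
  <web-resource-collection>
    <web-resource-name>Disable unneeded HTTP methods by 403 Forbidden them</web-resource-name>
    <!-- /* covers every path; a bare * is only an exact-match pattern -->
    <url-pattern>/*</url-pattern>
    <!-- Methods listed here are left out of the constraint, i.e. still allowed -->
    <http-method-omission>GET</http-method-omission>
    <http-method-omission>HEAD</http-method-omission>
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <!-- Empty auth-constraint: no role is permitted, so all other methods are refused -->
  <auth-constraint />
</security-constraint>

Reference: https://blogs.oracle.com/nithya/entry/new_security_features_in_glassfish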
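
To check what a descriptor like the one above actually blocks, the following added example (not code from the original post or from GlassFish) parses a web.xml and lists which probed methods its deny-all constraints refuse. The function names, the probe list and the three sample descriptors are constructed for illustration, and the auditor assumes only a `/*` url-pattern covers every path.

```python
import xml.etree.ElementTree as ET

# Methods to probe; an assumption of this example, extend as needed.
PROBE = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PATCH"]

def _name(elem):
    # Local tag name, so namespaced and bare descriptors both work.
    return elem.tag.rsplit("}", 1)[-1]

def _kids(elem, name):
    return [c for c in elem if _name(c) == name]

def _texts(elem, name):
    return {(c.text or "").strip() for c in _kids(elem, name)}

def denied_methods(web_xml, probe=PROBE):
    """Probe methods that deny-all constraints on /* refuse for every path."""
    denied = set()
    for sc in ET.fromstring(web_xml).iter():
        if _name(sc) != "security-constraint":
            continue
        auth = _kids(sc, "auth-constraint")
        # Deny-all means an auth-constraint that names no role at all.
        if not auth or _kids(auth[0], "role-name"):
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            if "/*" not in _texts(wrc, "url-pattern"):
                continue  # assumption: only /* is credited as covering all paths
            listed = _texts(wrc, "http-method")
            if listed:   # blacklist form: only the named methods are covered
                denied |= listed & set(probe)
            else:        # whitelist form: everything except the omissions
                denied |= set(probe) - _texts(wrc, "http-method-omission")
    return sorted(denied)

def _descriptor(pattern, tag, methods):
    # Builds a constructed web.xml for the demo; not taken from a real application.
    body = "".join(f"<{tag}>{m}</{tag}>" for m in methods)
    return ("<web-app><security-constraint><web-resource-collection>"
            "<web-resource-name>demo</web-resource-name>"
            f"<url-pattern>{pattern}</url-pattern>{body}"
            "</web-resource-collection><auth-constraint/>"
            "</security-constraint></web-app>")

WHITELIST = _descriptor("/*", "http-method-omission", ["GET", "HEAD", "POST"])
BLACKLIST = _descriptor("/*", "http-method", ["PUT", "DELETE", "TRACE"])
BARE_STAR = _descriptor("*", "http-method-omission", ["GET", "HEAD", "POST"])

if __name__ == "__main__":
    for label, xml in [("whitelist", WHITELIST), ("blacklist", BLACKLIST), ("bare *", BARE_STAR)]:
        print(f"{label:10} denies {denied_methods(xml)}")
```

The blacklist descriptor leaves OPTIONS and PATCH reachable because they were never named, which is the gap the omission form closes.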