Question
Deutsche Telekom Services Europe SE
DE
Posted: Nov 13, 2018
Last activity: Feb 26, 2019
This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.
Could you please assist here to disable dangerous HTTP methods?
Hi,
Take a look at the following document: https://docs.oracle.com/javaee/6/tutorial/doc/gmmku.html
The simplest way to ensure that you deny all HTTP methods except those that you want to be permitted is to use http-method-omission elements to omit those HTTP methods from the security constraint, and also to define an auth-constraint that names no roles. The security constraint will apply to all methods except those that were named in the omissions, and the constraint will apply only to the resources matched by the patterns in the constraint.
For example, the following constraint excludes access to all methods except GET and POST at the resources matched by the pattern /company/*:
<!-- SECURITY CONSTRAINT #5 -->
<security-constraint>
    <display-name>Deny all HTTP methods except GET and POST</display-name>
    <web-resource-collection>
        <url-pattern>/company/*</url-pattern>
        <http-method-omission>GET</http-method-omission>
        <http-method-omission>POST</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
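An added example, not part of the original reply or of Oracle's tutorial: a small offline check that reads a web.xml and reports which HTTP methods a no-role auth-constraint denies for a given path, so the effect of the http-method-omission elements can be confirmed before deployment. The function names and the sample web-app wrapper are constructed for illustration, and URL matching is simplified to exact, prefix (`/x/*`) and extension (`*.x`) patterns.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the reply inside a minimal web.xml.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <display-name>Deny all HTTP methods except GET and POST</display-name>
    <web-resource-collection>
      <url-pattern>/company/*</url-pattern>
      <http-method-omission>GET</http-method-omission>
      <http-method-omission>POST</http-method-omission>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def _children(elem, name):
    # Compare local names so the check works with or without an XML namespace.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _pattern_matches(pattern, path):
    # Simplified matching (assumption): prefix, extension and exact patterns only.
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def denied_methods(web_xml, path, methods):
    """Return the subset of `methods` that a no-role auth-constraint denies for `path`."""
    denied = set()
    root = ET.fromstring(web_xml)
    for sc in _children(root, "security-constraint"):
        auth = _children(sc, "auth-constraint")
        if not auth or _children(auth[0], "role-name"):
            continue  # only an auth-constraint naming no roles denies everyone
        for wrc in _children(sc, "web-resource-collection"):
            pats = [(p.text or "").strip() for p in _children(wrc, "url-pattern")]
            if not any(_pattern_matches(p, path) for p in pats):
                continue
            listed = {(m.text or "").strip() for m in _children(wrc, "http-method")}
            omitted = {(m.text or "").strip()
                       for m in _children(wrc, "http-method-omission")}
            # http-method lists covered methods; omissions cover everything else.
            denied |= {m for m in methods
                       if (m in listed if listed else m not in omitted)}
    return denied
```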
We tried the above solution but it's not working. Do we have any other configuration?
Hi,
Thank you for posting your query in the PSC. This looks like an inactive post and hence, we suggest you create a new post for your query. Click on the Write Post button here. Once created, please reply back here with the URL of the new post.
You may also refer to this discussion link as a reference in the new thread.