I have a web application developed with RESTful web services and Java. I am using the Jersey library. My team ran the AppScan tool on the application. That tool says Insecure HTTP Methods Enabled on https:///AppName/.
EDIT:
- I would like to know how to disable DELETE methods here.
- When I make an OPTIONS request to the server, it should not list the DELETE method among the allowed methods in the header. Thanks in advance.
Define in web.xml a security constraint with an empty auth constraint on the desired URL pattern and the given HTTP methods. The below example restricts ALL DELETE and TRACE requests, regardless of URL and user. The effect is an HTTP 403 Forbidden response.
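
The constraint this answer describes, written out as an added example (it is not the answer author's original snippet). The web-resource-name value is an arbitrary label chosen here, and /* is used because the answer says the restriction applies regardless of URL:

```xml
<!-- Added example: place inside the <web-app> element of WEB-INF/web.xml. -->
<security-constraint>
    <web-resource-collection>
        <!-- Arbitrary descriptive label (assumption, not from the page). -->
        <web-resource-name>restricted-methods</web-resource-name>

        <!-- Match every URL served by this web application. -->
        <url-pattern>/*</url-pattern>

        <!-- The constraint applies only to the methods listed here. -->
        <http-method>DELETE</http-method>
        <http-method>TRACE</http-method>
    </web-resource-collection>

    <!-- Empty auth constraint: no role is permitted, so the container
         rejects matching requests with 403 Forbidden for every user,
         authenticated or not. -->
    <auth-constraint/>
</security-constraint>
```

Methods that are not listed in an http-method element are not covered by this constraint and continue to work as before. After redeploying, send a DELETE request to the application and confirm that the response status is 403.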