DEVHIDE
Login Or Sign up

How to disable Insecure HTTP methods in application in java

7.3k Views Asked by At

I have a web application developed in Restful webservice and java. Iam using Jersey library. My team ran Appscan tool on the application.That tool says Insecure HTTP Methods Enabled on https:///AppName/.

EDIT:

  1. I would like to know how to disable DELETE methods here.
  2. When I make a option request to Server it should not list delete method in allowed method in header. Thanks in advance.
java rest tomcat servlets security-constraint
Original Q&A
1

There are 1 best solutions below

3
On

Define in web.xml a security constraint with an empty auth constraint on the desired URL pattern and the given HTTP methods.

The below example restricts ALL DELETE and TRACE requests, regardless of URL and user.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Restricted HTTP methods.</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>TRACE</http-method>
        <!-- You can specify multiple HTTP methods here. -->
    </web-resource-collection>
    <auth-constraint />
</security-constraint>

The effect is a HTTP 403 Forbidden response.

Related Questions in JAVA

Related Questions in REST

Related Questions in TOMCAT

Related Questions in SERVLETS

Related Questions in SECURITY-CONSTRAINT

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.