[Scrap] Restricting WebDEV Methods (GET, POST, HEAD, PUT, DELETE, TRACE)
그곰
2011. 11. 17. 13:44
For security reasons, only GET, POST and HEAD are used, while PUT, DELETE and TRACE are blocked.
To do this, add the following code to WEB-INF\web.xml:
<security-constraint>
  <display-name>openCoss http Auth</display-name>
  <web-resource-collection>
    <web-resource-name>SecureFile</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- GET and POST stay commented out, so they remain unrestricted:
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    -->
    <!-- Each method listed below requires the role in auth-constraint.
         HEAD is listed, so it is restricted as well. -->
    <http-method>HEAD</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>openCmsAuth</role-name>
  </auth-constraint>
</security-constraint>
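The check below is an added example, not part of the original post: it parses a web.xml and reports, for one url-pattern, which HTTP methods an auth-constraint actually covers. The `audit_methods` name, the method list and the `<web-app>` wrapper around the sample are assumptions made for this example; url-patterns are compared literally and overlapping constraints are not merged the way a servlet container would.

```python
import xml.etree.ElementTree as ET

METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "TRACE", "OPTIONS")

# Constructed sample: the post's constraint wrapped in a minimal <web-app> root.
SAMPLE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <!-- <http-method>GET</http-method> <http-method>POST</http-method> -->
      <http-method>HEAD</http-method> <http-method>PUT</http-method>
      <http-method>DELETE</http-method> <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>openCmsAuth</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _kids(elem, name):
    # Match on the local name so namespaced web.xml files (xmlns=...) also work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [c.text.strip() for c in _kids(elem, name) if c.text and c.text.strip()]

def audit_methods(web_xml, pattern="/*", methods=METHODS):
    """Map each method to 'open', 'denied' or 'role:<names>' for one url-pattern.
    Simplified: literal pattern match, later constraints overwrite earlier roles."""
    root = ET.fromstring(web_xml)  # the parser drops XML comments
    result = {m: "open" for m in methods}
    for sc in _kids(root, "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        if not auth:
            continue  # no auth-constraint: this block does not limit callers
        roles = _texts(auth[0], "role-name")
        access = "role:" + ",".join(roles) if roles else "denied"
        for wrc in _kids(sc, "web-resource-collection"):
            if pattern not in _texts(wrc, "url-pattern"):
                continue
            listed = set(_texts(wrc, "http-method"))
            omitted = set(_texts(wrc, "http-method-omission"))
            for m in methods:
                # With no method elements at all, the constraint covers every method.
                covered = m in listed if listed else m not in omitted
                if covered and result[m] != "denied":
                    result[m] = access
    return result

if __name__ == "__main__":
    print(audit_methods(SAMPLE))
```

On the configuration above, OPTIONS and any other method not named in an `<http-method>` element is reported as `open`, because listing methods constrains only the listed ones.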