tomcat wedav 禁止DELETE、PUT、OPTIONS、TRACE、HEAD等协议访问应用程序应用程序

后端 中间件 安全 tomcat

第一步：修改应用程序的web.xml文件的协议

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
 version="2.4">

第二步：在应用程序的web.xml中添加如下的代码即可

<security-constraint> 
    <web-resource-collection> 
          <url-pattern>/*</url-pattern> 
          <http-method>PUT</http-method> 
          <http-method>DELETE</http-method> 
          <http-method>HEAD</http-method> 
          <http-method>OPTIONS</http-method> 
          <http-method>TRACE</http-method> 
    </web-resource-collection> 
    <auth-constraint> 
    </auth-constraint> 
</security-constraint> 
<login-config> 
    <auth-method>BASIC</auth-method> 
</login-config>

本文由 admin 创作，采用 知识共享署名4.0 国际许可协议进行许可
本站文章除注明转载/出处外，均为本站原创或翻译，转载前请务必署名
最后编辑时间为:2022-08-09 22:52:29