那些遇到过的问题

相关疑难解决方法(0)

在 Tomcat 上禁止 HTTP 方法是否区分大小写?

我已将以下内容放在我的应用程序的 web.xml 中以尝试禁止 PUT、DELETE 等:

 <security-constraint>
 <web-resource-collection>
  <web-resource-name>restricted methods</web-resource-name>
  <url-pattern>/*</url-pattern>
  <http-method>DELETE</http-method>
  <http-method>PUT</http-method>
  <http-method>SEARCH</http-method>
  <http-method>COPY</http-method>
  <http-method>MOVE</http-method>
  <http-method>PROPFIND</http-method>
  <http-method>PROPPATCH</http-method>
  <http-method>MKCOL</http-method>
  <http-method>LOCK</http-method>
  <http-method>UNLOCK</http-method>
  <http-method>delete</http-method>
  <http-method>put</http-method>
  <http-method>search</http-method>
  <http-method>copy</http-method>
  <http-method>move</http-method>
  <http-method>propfind</http-method>
  <http-method>proppatch</http-method>
  <http-method>mkcol</http-method>
  <http-method>lock</http-method>
  <http-method>unlock</http-method>
 </web-resource-collection>
 <auth-constraint />
 </security-constraint>
Run Code Online (Sandbox Code Playgroud)

好的,现在:

如果我使用方法提出请求,DELETE我会得到 403 返回。

如果我使用方法提出请求,delete我会得到 403 返回。

如果我用DeLeTe我的方法做一个请求就OK了!

我怎样才能让它禁止这些不区分大小写的?

编辑:我正在用 C# 程序测试它:

    private void button1_Click(object sender, EventArgs e)
    {
        textBox1.Text = "making request";
        System.Threading.Thread.Sleep(400);
        WebRequest req = WebRequest.Create("http://serverurl/Application/cache_test.jsp");
        req.Method = txtMethod.Text;
        try
        {
            HttpWebResponse resp = (HttpWebResponse)req.GetResponse();

            textBox1.Text = …
Run Code Online (Sandbox Code Playgroud)

tomcat

dev*_*wjk
2015 01-27
12
推荐指数
2
解决办法
1万
查看次数

标签 统计

tomcat ×1