Hi, I am new to GlassFish and my project has undergone a web app security test, which detected that my server is allowing the "DELETE" method in the response.
This is how the test was done.
URL: http://localhost:8080/SWIC/
Framework: JSF
Server: Glassfish 4
The request was sent with Method: OPTIONS to the above URL.
In the response, [Allow:GET, HEAD, POST, PUT, "DELETE" , TRACE, OPTIONS] was received.
The security test wants me to disallow the DELETE method.
I surfed the net and tried to include the following code in my web.xml file:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Blocked</web-resource-name>
            <description/>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>OPTIONS</http-method>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>
As a result, it blocks all OPTIONS and DELETE requests.
The problem I had was that it works only with my project, i.e.
http://localhost:8080/SWIC/
but the test case also includes
http://localhost:8080/
(call to the server)
and the above code does not block the "OPTIONS" request.
I have been searching the net for 3 days but still I couldn't find the solution.
So is there any way I can configure my GlassFish 4 server to disallow the DELETE method or OPTIONS itself?
Thanks in advance
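
Added example, not part of the original post: a small Python check that repeats the scanner's OPTIONS request against both URLs mentioned above, so a configuration change can be verified for the application context and the server root alike. The function names and the verdict labels are assumptions made for this example.

```python
"""Re-run the scanner's OPTIONS check against both URLs from the post."""
import http.client
from urllib.parse import urlsplit

def parse_allow(value):
    """Split an Allow header into a set of upper-case method names."""
    if not value:
        return set()
    return {m.strip().strip('"').upper() for m in value.split(",") if m.strip()}

def assess(status, allow_value, unwanted=("DELETE",)):
    """Classify one OPTIONS response.

    'refused'    - the server rejected OPTIONS itself (for example a 403
                   produced by an empty <auth-constraint/>, or a 405)
    'advertised' - OPTIONS was answered and Allow lists an unwanted method
    'clean'      - OPTIONS was answered without listing an unwanted method
    """
    if status >= 400:
        return "refused", set()
    exposed = parse_allow(allow_value) & {m.upper() for m in unwanted}
    return ("advertised", exposed) if exposed else ("clean", set())

def check(url, timeout=5):
    """Send OPTIONS to url and return (status, verdict, exposed_methods)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("OPTIONS", parts.path or "/")
        resp = conn.getresponse()
        resp.read()  # drain the body before closing the connection
        verdict, exposed = assess(resp.status, resp.getheader("Allow"))
        return resp.status, verdict, exposed
    finally:
        conn.close()

if __name__ == "__main__":
    # URLs taken from the post: the application context and the server root.
    for target in ("http://localhost:8080/SWIC/", "http://localhost:8080/"):
        try:
            print(target, *check(target))
        except OSError as exc:
            print(target, "unreachable:", exc)
```

The verdict reflects only what the OPTIONS response reveals; a "clean" or "refused" result does not by itself show how the server answers an actual DELETE request.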