Reference: http://www.techstacks.com/howto/disable-http-methods-in-tomcat.html

Reference: http://tyboss.tistory.com/entry/Tomcat-Authorization-Authentication-webxml


Add the code below to the web.xml of the Tomcat configuration or of the application, then restart.

<!-- Sample Security Constraint -->
<security-constraint>
  <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method>
      <http-method>POST</http-method>
      <http-method>DELETE</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint />
</security-constraint> 


Access is restricted for the methods declared in http-method.

List of HTTP methods: http://ko.wikipedia.org/wiki/HTTP

(OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT)
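
The following is an added example, not code from the original post or the referenced pages. It is a Python check that parses a web.xml and reports which methods from the list above are denied to everyone by an empty auth-constraint, and which the constraint leaves uncovered. The `<web-app>` wrapper around the page's constraint is constructed, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Method list as given on the page.
HTTP_METHODS = ["OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT"]
# Constructed sample: the page's constraint inside a minimal <web-app> wrapper.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method>
      <http-method>POST</http-method>
      <http-method>DELETE</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>"""

def _kids(elem, name):  # children by local tag name, ignoring any XML namespace
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):  # stripped text of each matching child, as a set
    return {(c.text or "").strip() for c in _kids(elem, name)}

def denied_methods(web_xml_text):
    """Map each url-pattern to the set of methods that nobody may use."""
    denied = {}
    for sc in _kids(ET.fromstring(web_xml_text), "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        # Only an auth-constraint with no role-name denies access to everyone.
        if not auth or _kids(auth[0], "role-name"):
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            # No http-method element: every method except the omitted ones is covered.
            methods = _texts(wrc, "http-method") or (
                set(HTTP_METHODS) - _texts(wrc, "http-method-omission"))
            for pattern in _texts(wrc, "url-pattern"):
                denied.setdefault(pattern, set()).update(methods)
    return denied

def still_allowed(web_xml_text, pattern="/*"):
    """Methods from HTTP_METHODS that the deny-all constraints leave uncovered."""
    blocked = denied_methods(web_xml_text).get(pattern, set())
    return [m for m in HTTP_METHODS if m not in blocked]

if __name__ == "__main__":
    print("still allowed on /*:", still_allowed(SAMPLE_WEB_XML))
```

For the constraint on this page the result is GET, HEAD and CONNECT: methods that are not listed in http-method are not covered by the constraint.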

