On 09/08/2014 13:31, Christopher Schultz wrote: > Rob, > > On 8/8/14, 7:50 PM, Rob Silver wrote: >> Is it true that by default on a Apache Tomcat 7.025 server RESTFUL >> verbs are enabled as part of the HTTP protocol Tomcat uses? > > Tomcat does not filter HTTP verbs other than TRACE out of the box. If > you implement HttpServlet.service() then you can accept any verb you want. > >> Anotherwards if I hade a restful web application - perhaps a spring >> mvc one would it work out of the box as far as security constraints >> go? > > Security constraints and HTTP verbs are not really related.
Huh? Security constraints allow you to define the HTTP verbs they apply to. Note: It is generally a bad idea to do this (because of HTTP verb tampering) unless you are very careful and understand exactly what you are doing. Mark >> I have not yet seen any way to control a Tomcat server not to >> accept DELETE, PUT etc.. in addition to standard GET / POST http >> verbs. > > What have you tried? > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
