6.13.2 Execution environment settings (J2EE server settings)
To specify settings for limiting the HTTP-enabled methods, you must set up the J2EE server.
This section describes the settings and examples for limiting the HTTP-enabled methods.
- Organization of this subsection
(1) How to set
Specify the settings for limiting the HTTP-enabled methods in the following parameter in the <configuration> tag of the logical J2EE server (j2ee-server) in the Easy Setup definition file.
- webserver.connector.inprocess_http.enabled_methods
-
Specifies the method name of an HTTP-enabled method.
For details on the Easy Setup definition file and the parameters to be specified, see 4.3 Easy Setup definition file in the uCosminexus Application Server Definition Reference Guide.
- Tip
-
If a request containing the OPTIONS method is sent for the static contents, a request excluding the disabled methods for the in-process HTTP server from the enabled methods (GET method, POST method, TRACE method, and OPTIONS method) is returned for the static contents by default. In the case of servlets and JSPs, limiting the HTTP-enabled methods depends on the implementation of the Web application.
(2) Example settings
The following is the setting example for limiting the HTTP-enabled methods. Note that the following example shows the default settings:
... <param> <param-name>webserver.connector.inprocess_http.enabled_methods</param-name> <param-value>GET,HEAD,POST,PUT,DELETE,OPTIONS</param-value> </param> ...
In this example, access is allowed for the GET method, HEAD method, POST method, PUT method, DELETE method, and OPTIONS method and access is rejected for the TRACE method.