由于通过xsan检测到tomcat服务器存在put&delete method.在通过查找后找到了disable的方法.
以下为tomcat5.5下的代码
package
org.apache.catalina.valves;
import
java.io.IOException;
import
javax.servlet.ServletException;
import
javax.servlet.ServletRequest;
import
javax.servlet.http.HttpServletRequest;
import
org.apache.catalina.Request;
import
org.apache.catalina.Response;
import
org.apache.catalina.ValveContext;
import
org.apache.catalina.valves.RequestFilterValve;
/***/
/**
*Concreteimplementationof<code>RequestFilterValve</code>thatfilters
*HTTPrequestsbaseduponthestringrepresentationoftherequestmethod.
*
*inserver.xml:<ValveclassName="org.apache.catalina.valves.HttpMethodValve"
*allow="comma-separated-string"deny="comma-separated-string"/>
*
*wherecomma-separated-stringisalistofHTTPmethods(uppercase)separated
*bycommas.
*
*Example:TodisablePUTandDELETEmethodsonastandaloneTomcat5server,
*
*<Engine...><!--or<Host>--><Valve
*className="org.apache.catalina.valves.HttpMethodValve"deny="PUT,DELETE"/>
*</Engine>
*
*@authorMarkAnderson
*@version$Revision:1.0$$Date:2004/12/2713:56:21$
*/
public
final
class
HttpMethodValve
extends
RequestFilterValve
...
{
//-----------------------------------------------------InstanceVariables
/***//**
*Thedescriptiveinformationrelatedtothisimplementation.
*/
privatestaticfinalStringinfo="org.apache.catalina.valves.HttpMethodValve/1.0";
//-------------------------------------------------------------Properties
/***//**
*ReturndescriptiveinformationaboutthisValveimplementation.
*/
publicStringgetInfo()...{
return(info);
}
//---------------------------------------------------------PublicMethods
/***//**
*Extractthedesiredrequestproperty,andpassit(alongwiththe
*specifiedrequestandresponseobjects)totheprotected
*<code>process()</code>methodtoperformtheactualfiltering.This
*methodmustbeimplementedbyaconcretesubclass.
*
*@paramrequest
*Theservletrequesttobeprocessed
*@paramresponse
*Theservletresponsetobecreated
*@paramcontext
*Thevalvecontextusedtoinvokethenextvalveinthecurrent
*processingpipeline
*
*@exceptionIOException
*ifaninput/outputerroroccurs
*@exceptionServletException
*ifaservleterroroccurs
*/
publicvoidinvoke(Requestrequest,Responseresponse)
throwsIOException,ServletException...{
ServletRequestsreq=request.getRequest();
if(sreqinstanceofHttpServletRequest)...{
HttpServletRequesthreq=(HttpServletRequest)sreq;
process(hreq.getMethod(),request,response);
}
}
}
由于tomcat5.0与tomcat5.5有很大区别.所以实际实现方法是不一样的.在修改时需要注意.而tomcat6.0还没有搞过disable过.所以还请自己搜下了.
以下为tomcat5.5下的代码
package
org.apache.catalina.valves;
import
java.io.IOException;
import
javax.servlet.ServletException;
import
javax.servlet.ServletRequest;
import
javax.servlet.http.HttpServletRequest;
import
org.apache.catalina.Request;
import
org.apache.catalina.Response;
import
org.apache.catalina.ValveContext;
import
org.apache.catalina.valves.RequestFilterValve;
/***/
/***Concreteimplementationof<code>RequestFilterValve</code>thatfilters*HTTPrequestsbaseduponthestringrepresentationoftherequestmethod.**inserver.xml:<ValveclassName="org.apache.catalina.valves.HttpMethodValve"*allow="comma-separated-string"deny="comma-separated-string"/>**wherecomma-separated-stringisalistofHTTPmethods(uppercase)separated*bycommas.**Example:TodisablePUTandDELETEmethodsonastandaloneTomcat5server,**<Engine...><!--or<Host>--><Valve*className="org.apache.catalina.valves.HttpMethodValve"deny="PUT,DELETE"/>*</Engine>**@authorMarkAnderson*@version$Revision:1.0$$Date:2004/12/2713:56:21$*/
public
final
class
HttpMethodValve
extends
RequestFilterValve
...
{//-----------------------------------------------------InstanceVariables/***//***Thedescriptiveinformationrelatedtothisimplementation.*/privatestaticfinalStringinfo="org.apache.catalina.valves.HttpMethodValve/1.0";//-------------------------------------------------------------Properties/***//***ReturndescriptiveinformationaboutthisValveimplementation.*/publicStringgetInfo()...{return(info);}//---------------------------------------------------------PublicMethods/***//***Extractthedesiredrequestproperty,andpassit(alongwiththe*specifiedrequestandresponseobjects)totheprotected*<code>process()</code>methodtoperformtheactualfiltering.This*methodmustbeimplementedbyaconcretesubclass.**@paramrequest*Theservletrequesttobeprocessed*@paramresponse*Theservletresponsetobecreated*@paramcontext*Thevalvecontextusedtoinvokethenextvalveinthecurrent*processingpipeline**@exceptionIOException*ifaninput/outputerroroccurs*@exceptionServletException*ifaservleterroroccurs*/publicvoidinvoke(Requestrequest,Responseresponse)throwsIOException,ServletException...{ServletRequestsreq=request.getRequest();if(sreqinstanceofHttpServletRequest)...{HttpServletRequesthreq=(HttpServletRequest)sreq;process(hreq.getMethod(),request,response);}}}
4026
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
