由于通过xsan检测到tomcat服务器存在put&delete method.在通过查找后找到了disable的方法.
以下为tomcat5.5下的代码
package
org.apache.catalina.valves;
import
java.io.IOException;
import
javax.servlet.ServletException;
import
javax.servlet.ServletRequest;
import
javax.servlet.http.HttpServletRequest;
import
org.apache.catalina.Request;
import
org.apache.catalina.Response;
import
org.apache.catalina.ValveContext;
import
org.apache.catalina.valves.RequestFilterValve;
/**
* Concrete implementation of <code>RequestFilterValve</code> that filters
* HTTP requests based upon the string representation of the request method.
*
* in server.xml: <Valve className="org.apache.catalina.valves.HttpMethodValve"
* allow="comma-separated-string" deny="comma-separated-string" />
*
* where comma-separated-string is a list of HTTP methods (uppercase) separated
* by commas.
*
* Example: To disable PUT and DELETE methods on a standalone Tomcat 5 server,
*
* <Engine ...> <!-- or <Host> --> <Valve
* className="org.apache.catalina.valves.HttpMethodValve" deny="PUT,DELETE" />
* </Engine>
*
* @author Mark Anderson
* @version $Revision: 1.0 $ $Date: 2004/12/27 13:56:21 $
*/
public
final
class
HttpMethodValve
extends
RequestFilterValve
{
// ----------------------------------------------------- Instance Variables
/**
* The descriptive information related to this implementation.
*/
private static final String info = "org.apache.catalina.valves.HttpMethodValve/1.0";
// ------------------------------------------------------------- Properties
/**
* Return descriptive information about this Valve implementation.
*/
public String getInfo() {
return (info);
}
// --------------------------------------------------------- Public Methods
/**
* Extract the desired request property, and pass it (along with the
* specified request and response objects) to the protected
* <code>process()</code> method to perform the actual filtering. This
* method must be implemented by a concrete subclass.
*
* @param request
* The servlet request to be processed
* @param response
* The servlet response to be created
* @param context
* The valve context used to invoke the next valve in the current
* processing pipeline
*
* @exception IOException
* if an input/output error occurs
* @exception ServletException
* if a servlet error occurs
*/
public void invoke(Request request, Response response)
throws IOException, ServletException {
ServletRequest sreq = request.getRequest();
if (sreq instanceof HttpServletRequest) {
HttpServletRequest hreq = (HttpServletRequest) sreq;
process(hreq.getMethod(), request, response);
}
}
}
由于tomcat5.0与tomcat5.5有很大区别.所以实际实现方法是不一样的.在修改时需要注意.而tomcat6.0还没有搞过disable过.所以还请自己搜下了.
以下为tomcat5.5下的代码
package
org.apache.catalina.valves;
import
java.io.IOException;
import
javax.servlet.ServletException;
import
javax.servlet.ServletRequest;
import
javax.servlet.http.HttpServletRequest;
import
org.apache.catalina.Request;
import
org.apache.catalina.Response;
import
org.apache.catalina.ValveContext;
import
org.apache.catalina.valves.RequestFilterValve;
/**
* Concrete implementation of <code>RequestFilterValve</code> that filters * HTTP requests based upon the string representation of the request method. * * in server.xml: <Valve className="org.apache.catalina.valves.HttpMethodValve" * allow="comma-separated-string" deny="comma-separated-string" /> * * where comma-separated-string is a list of HTTP methods (uppercase) separated * by commas. * * Example: To disable PUT and DELETE methods on a standalone Tomcat 5 server, * * <Engine ...> <!-- or <Host> --> <Valve * className="org.apache.catalina.valves.HttpMethodValve" deny="PUT,DELETE" /> * </Engine> * * @author Mark Anderson * @version $Revision: 1.0 $ $Date: 2004/12/27 13:56:21 $ */
public
final
class
HttpMethodValve
extends
RequestFilterValve
{ // ----------------------------------------------------- Instance Variables /**
* The descriptive information related to this implementation. */ private static final String info = "org.apache.catalina.valves.HttpMethodValve/1.0"; // ------------------------------------------------------------- Properties /** * Return descriptive information about this Valve implementation. */ public String getInfo() { return (info); } // --------------------------------------------------------- Public Methods /** * Extract the desired request property, and pass it (along with the * specified request and response objects) to the protected * <code>process()</code> method to perform the actual filtering. This * method must be implemented by a concrete subclass. * * @param request * The servlet request to be processed * @param response * The servlet response to be created * @param context * The valve context used to invoke the next valve in the current * processing pipeline * * @exception IOException * if an input/output error occurs * @exception ServletException * if a servlet error occurs */ public void invoke(Request request, Response response) throws IOException, ServletException { ServletRequest sreq = request.getRequest(); if (sreq instanceof HttpServletRequest) { HttpServletRequest hreq = (HttpServletRequest) sreq; process(hreq.getMethod(), request, response); } }}
711
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
