在应用的web.xml中配置如下信息:
<security-constraint>
<web-resource-collection>
<web-resource-name>NoAccess</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>AllowedMethods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
</security-constraint>
在项目中配置在当前项目中有效,如果想让jboss下所有项目都生效,则在jboss下conf\web.xml中配置。