一、问题描述:
IBM Security AppScan Standard给出系统安全报告:
解决办法:
将以下节点代码添加到项目的 WEB-INF/web.xml 配置文件中。其中空的 <auth-constraint> 表示不允许任何角色访问,因此所列出的 HTTP 方法会被容器拒绝:
<!--
  Deny selected HTTP methods for the whole application.
  The constraint below matches every URL (/*), but only for the methods it
  lists: PUT, DELETE, HEAD, OPTIONS and TRACE. Because the auth-constraint
  names no role, no caller is authorised and the container rejects them.

  NOTE(review): this is a deny-list. Any method that is not listed (for
  example PATCH or a non-standard verb) is not covered by this constraint
  and remains unrestricted by it. If the descriptor is Servlet 3.0 or later
  (the web-app version is not shown here; confirm), consider using
  http-method-omission for GET and POST, or deny-uncovered-http-methods on
  Servlet 3.1, so that everything not explicitly allowed is refused.
  NOTE(review): HEAD is denied as well; verify that no health check, proxy
  or monitoring probe depends on it.
-->
<security-constraint>
  <web-resource-collection>
    <!-- Descriptive label only; it takes no part in request matching. -->
    <web-resource-name>fortune</web-resource-name>
    <!-- Applies to every path in the web application. -->
    <url-pattern>/*</url-pattern>
    <!-- Methods covered by this constraint. -->
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>HEAD</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <!-- Intentionally empty: no role is permitted, so access is denied. -->
  <auth-constraint/>
</security-constraint>