關閉tomcat的一些不安全http請求方法:
在tomcat的web.xml或者項目的web.xml中添加以下參數:(圖中tomcat版本為7.0.61)
<security-constraint> <web-resource-collection> <web-resource-name>fortune</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint></auth-constraint> </security-constraint>