如何禁用不需要的HTTP方法

禁用不需要的http方法，一般禁用delete，put，默认情况tomcat禁止了delete，put，访问返回403-forbiden，此处在web.xml的<web-app>中添加如下禁用配置，
要让web.xml配置生效需要重启tomcat

<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>