Hello Poornima,
According to your instructions for “Configuring JBoss to minimize security risks: In order to minimize security risks for the application, block the access to potentially harmful HTTP methods like “PUT, DELETE, etc.” To do this, add the security-constraint to the web.xml at the specific location listed below.
•File: web.xml
•Location: JBOSS_HOME/server/<jboss.server.name>/deploy/jboss-web.deployer/conf”
While this file web.xml exists for Jboss 4.2.3GA in caTissue 1.2: \JBoss\jboss-4.2.3.GA\server\default\deploy\jboss-web.deployer\conf
/jboss-web.deployer/conf does not exists in JBoss 5.1.0GA. I searched and there are other web.xml files in other locations:
C:\Jboss\jboss-5.1.0.GA\server\default\deploy\jmx-console.war\WEB-INF\web.xml
C:\Jboss\jboss-5.1.0.GA\server\default\deploy\management\console-mgr.sar\web-console.war\WEB-INF\web.xml
C:\Jboss\jboss-5.1.0.GA\server\default\deploy\jbossws.sar\jbossws-management.war\WEB-INF\web.xml
C:\Jboss\jboss-5.1.0.GA\server\default\deploy\ROOT.war\WEB-INF\web.xml
C:\Jboss\jboss-5.1.0.GA\server\default\deploy\http-invoker.sar\invoker.war\WEB-INF\web.xml
C:\Jboss\jboss-5.1.0.GA\server\default\deploy\admin-console.war\WEB-INF\web.xml
Please advise which file needs to be changed, if applicable.
Thank you
Nadia