Whitelist security constraint in web.xml

Question

I\'m using Tomcat for my Struts2 application. The web.xml has certain entries as shown below:

Answer 1

A slight tweak to the accepted answer (set the url-pattern in the second security-constraint to map to the default servlet "/") works for JBoss and Weblogic but not for Websphere:

    
        Allowed methods
        /*
        GET
        POST
    
    


    
        Restricted methods
        /
    
    

With the security constraints configuration above, I'm not sure why Websphere allows all HTTP methods, while JBoss and Weblogic only allows GET and POST.