The simplest way to ensure that you deny all HTTP methods except those that you want to be permitted is to usehttp-method-omissionelements to omit those HTTP methods from the security constraint, and also to define anauth-constraintthat names no roles. The security constraint will apply to all methods except those that were named in the omissions, and the constraint will apply only to the resources matched by the patterns in the constraint.
For example, the following constraint excludes access to all methods except GET and POST at the resources matched by the pattern/company/*:
<!-- SECURITY CONSTRAINT #5 -->
<display-name>Deny all HTTP methods except GET and POST</display-name>
Thank you for posting your query in the PSC. This looks like an inactive post and hence, we suggest you create a new post for your query. Click on the Write Post button here. Once created, please reply back here with the URL of the new post.
You may also refer this discussion link as a reference in the new thread.