Which element of a web application deployment descriptor <web-resource-collection> element is
used to specify a HTTP method to which the corresponding <security-constraint> will not apply?
A.
<exclude-http-method>
B.
<neglect-http-method>
C.
<http-method-omission>
D.
<http-method-excluded>
E.
<exceptional-http-method>
Explanation:
http://java.sun.com/xml/ns/javaee/web-common_3_0.xsd (search http-methodomission)
C
Deny all HTTP methods except GET and POST
/company/*
GET
POST
C
For example, the following constraint excludes access to all methods except GET and POST at the resources matched by the pattern /company/*:
Deny all HTTP methods except GET and POST
/company/*
GET
POST
http://docs.oracle.com/javaee/6/tutorial/doc/gmmku.html