Hi all,
I'm wondering if there is another configuration needed to set which HTTP
methods that JSPServlet accepts.. I'm attempting overriding doPut() in a
JSP but I get a 403. Same if I don't override it and just try with
'request.getMethod().equalsIgnoreCase("PUT")' in the JSP generated
service() body..
<%!
public void doPut(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
//do something
}
%>
Currently PUT always generates 403, even though I am authenticated okay
(indicated by the remote-user field in access logs). But GET and POST
are fine..
Thanks in advance,
-Ken
PS - Here's my web.xml excerpt:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
<!-- If you list http methods, only those methods are
protected -->
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>TRACE</http-method>
<http-method>OPTIONS</http-method>
<http-method>HEAD</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this
area -->
<role-name>tomcat</role-name>
<role-name>role1</role-name>
<role-name>ken</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?fail=true</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>tomcat</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
