tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Albert Kam <moonblade.w...@gmail.com>
Subject Re: Getting error 403 forbidden while using HTTP PUT method
Date Fri, 04 Oct 2013 15:34:12 GMT
You were stating that it's ok for GET, and not for PUT.
But what about POST methods ? Are they doing okay ?

Some suggestions :

I wonder whether the HiddenHttpMethodFilter is reached.
You have many filters, and maybe one of them could be causing this ?
To answer this, you might consider extending HiddenHttpMethodFilter and add
logging to it,
and register it to replace HiddenHttpMethodFilter in your web.xml

If POST handlers are doing fine, then another idea is to just forget about
the PUT just to test things out :
- comment out the HiddenHttpMethodFilter and it's mapping in the web.xml
- convert your controller methods from using PUT to POST
- no changes needed in the ui forms,
  since it actually emulates PUT by using POST + hidden _method=PUT when
you use <form:form>
- If after using POST, and it's still 403, then the problem is not with the
PUT,
  it might be something else.



On Fri, Oct 4, 2013 at 9:24 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:

> > From: Christopher Schultz [mailto:chris@christopherschultz.net]
> > Subject: Re: Getting error 403 forbidden while using HTTP PUT method
>
> > > <!--  <security-constraint> <web-resource-collection>
> > > <web-resource-name>ABC</web-resource-name>
> > > <url-pattern>/api/mode</url-pattern>
> > > <http-method>DELETE</http-method> <http-method>PUT</http-method>
> > > <http-method>HEAD</http-method> <http-method>OPTIONS</http-method>
> > > <http-method>TRACE</http-method> <http-method>GET</http-method>
> > > <http-method>POST</http-method> </web-resource-collection>
> > > <user-data-constraint>
> > > <transport-guarantee>NONE</transport-guarantee>
> > > </user-data-constraint> </security-constraint> -->
>
> > > <!-- <security-constraint> <web-resource-collection>
> > > <web-resource-name>ABC</web-resource-name>
> > > <url-pattern>/*</url-pattern> <http-method>PUT</http-method>
> > > </web-resource-collection> <auth-constraint>
> > > <role-name>admin</role-name> </auth-constraint>
> > > </security-constraint>
>
> > Looks like the above is the problem: you have a constraint on the PUT
> > method, but no other methods. What were you expecting?
>
> There's no such constraint indicated; all of the above is commented out.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
Do not pursue the past. Do not lose yourself in the future.
The past no longer is. The future has not yet come.
Looking deeply at life as it is in the very here and now,
the practitioner dwells in stability and freedom.
(Thich Nhat Hanh)

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message