com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API

There are no available Samebug tips for this exception. Do you have an idea how to solve this issue? A short tip would help users who saw this issue last week.

  • I am using Spring 2.5, Spring Webflow 2.0.2 and Spring Security 2.0.1 versions I think I have hit upon a bug involving preAuthentication+ spring Security+ Spring Webflow and its related to Spring Webflow since Spring Security+preAuthentication is working fine for non spring-webflow related pages. I started with sample webapp from Spring web flow. Then added form-login based security using "tutorial" sample application from Spring Security. It was all working fine. Then I changed my spring security setup to accommodate the requirement for preAuthentication (since we are using Tivoli Access Manager/Web Seal infrastructure for authentication and will continue to use Spring Security for authorization). After a lot of struggle, I have Spring Security working such that I can navigate from my unsecured home page to a secured (non SWF) page and I notice (from DEBUG log output) that Spring security filter chain is doing its job correctly. But when I click on the other secured link on my home page that starts my (spring webflow based) web-flow, I get the error in the browser Code: Error 501: Method is not defined in RFC 2068 and is not supported by the Servlet API Here's the exception trace, I get from Websphere 6.1.0.15 server - Code: [09/07/08 16:16:46:046 EDT] 00000027 WebApp E [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538) at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968) at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152) at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498) at javax.servlet.http.HttpServlet.service(HttpServlet.java:788) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359) Last edited by robinbajaj; Yesterday at 03:53 PM. Reason: mentioned the versions of spring, swf, security frameworks Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #2 Report Post Old Yesterday, 11:45 AM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default (continued from the above post.. with more details.) I have put the full exception trace here http://rafb.net/p/Np6u4461.html (because of the character limit in spring forums) Just to confirm if its a Websphere related issue I created a war file and deployed on Apache tomcat 5.5.26, I get the same behaviour - non SWF secured page can be visited without problems, but the SWF related webflow page cannot be visited, and I get the same message in the browser. Here's how my springSecurityContext.xml looks like URL: http://rafb.net/p/wBURCg22.html Here's how my webflow-config.xml looks like URL: http://rafb.net/p/ap30Xo16.html Here's my policy.xml (for my first webflow) URL: http://rafb.net/p/DDsQ8g62.html Here's my home page (unsecured) URL: http://rafb.net/p/EKMPU732.html Here's my first page from the policy webflow URL: http://rafb.net/p/1fnShV36.html Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #3 Report Post Old Yesterday, 03:06 PM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default Its worth mentioning that Spring webflow page could be visited without problems when I had form-login based authentication setup in spring security. So before , it was like CASE-1: Spring Security (form-login) + spring Webflow --> working fine for secured (both SWF and non-SWF) pages. my securityContext.xml from CASE_1 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http> <intercept-url pattern="/login.jsp*" filters="none" /> <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <form-login login-page="/login.jsp" /> <logout /> </http> <authentication-provider user-service-ref="userDetailsService"> <user-service> <user name="super" password="super" authorities="ROLE_SUPERVISOR" /> <user name="scott" password="scott" authorities="ROLE_USER" /> <user name="mark" password="mark" authorities="ROLE_USER" disabled="true" /> <user name="base" password="base" authorities="ROLE_BASE" /> </user-service> </authentication-provider> CASE-2: Now, after I changed my authentication setup from form-login to preauthentication --> only my non-SWF, secured pages can be visited. And I get the above mentioned error when I try to visit the SWF controlled web pages. my (current, non-working) securityContext.xml from CASE_2 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"> <intercept-url pattern="/secure/extreme/*" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> </http> <beans:bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" /> <beans:bean id="preAuthenticatedProcessingFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <custom-filter position="PRE_AUTH_FILTER" /> <beans:property name="principalRequestHeader" value="iv-user" /> <beans:property name="credentialsRequestHeader" value="iv-password" /> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <authentication-manager alias="authenticationManager" /> <beans:bean id="preauthAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> <custom-authentication-provider /> <beans:property name="preAuthenticatedUserDetailsService"> <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper"> <beans:property name="userDetailsService" ref="userDetailsService" /> </beans:bean> </beans:property> </beans:bean> <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl"> <beans:property name="userProperties"> <beans:bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <beans:property name="location" value="/WEB-INF/users.properties" /> </beans:bean> </beans:property> </beans:bean> I even turned on the DEBUG output for org.springframework.webflow, org.springframework.js, org.springframework.binding, org.springframework.faces packages but no additional output was spit out in the log file, I just got the same exception trace as mentioned above. At this time, I would even appreciate any tips to further debug this situation as to how I could get more detailed errors from SWF or Spring security in this case, robin
    via by robin bajaj,
  • I am using Spring 2.5, Spring Webflow 2.0.2 and Spring Security 2.0.1 versions I think I have hit upon a bug involving preAuthentication+ spring Security+ Spring Webflow and its related to Spring Webflow since Spring Security+preAuthentication is working fine for non spring-webflow related pages. I started with sample webapp from Spring web flow. Then added form-login based security using "tutorial" sample application from Spring Security. It was all working fine. Then I changed my spring security setup to accommodate the requirement for preAuthentication (since we are using Tivoli Access Manager/Web Seal infrastructure for authentication and will continue to use Spring Security for authorization). After a lot of struggle, I have Spring Security working such that I can navigate from my unsecured home page to a secured (non SWF) page and I notice (from DEBUG log output) that Spring security filter chain is doing its job correctly. But when I click on the other secured link on my home page that starts my (spring webflow based) web-flow, I get the error in the browser Code: Error 501: Method is not defined in RFC 2068 and is not supported by the Servlet API Here's the exception trace, I get from Websphere 6.1.0.15 server - Code: [09/07/08 16:16:46:046 EDT] 00000027 WebApp E [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538) at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968) at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152) at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498) at javax.servlet.http.HttpServlet.service(HttpServlet.java:788) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359) Last edited by robinbajaj; Yesterday at 03:53 PM. Reason: mentioned the versions of spring, swf, security frameworks Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #2 Report Post Old Yesterday, 11:45 AM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default (continued from the above post.. with more details.) I have put the full exception trace here http://rafb.net/p/Np6u4461.html (because of the character limit in spring forums) Just to confirm if its a Websphere related issue I created a war file and deployed on Apache tomcat 5.5.26, I get the same behaviour - non SWF secured page can be visited without problems, but the SWF related webflow page cannot be visited, and I get the same message in the browser. Here's how my springSecurityContext.xml looks like URL: http://rafb.net/p/wBURCg22.html Here's how my webflow-config.xml looks like URL: http://rafb.net/p/ap30Xo16.html Here's my policy.xml (for my first webflow) URL: http://rafb.net/p/DDsQ8g62.html Here's my home page (unsecured) URL: http://rafb.net/p/EKMPU732.html Here's my first page from the policy webflow URL: http://rafb.net/p/1fnShV36.html Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #3 Report Post Old Yesterday, 03:06 PM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default Its worth mentioning that Spring webflow page could be visited without problems when I had form-login based authentication setup in spring security. So before , it was like CASE-1: Spring Security (form-login) + spring Webflow --> working fine for secured (both SWF and non-SWF) pages. my securityContext.xml from CASE_1 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http> <intercept-url pattern="/login.jsp*" filters="none" /> <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <form-login login-page="/login.jsp" /> <logout /> </http> <authentication-provider user-service-ref="userDetailsService"> <user-service> <user name="super" password="super" authorities="ROLE_SUPERVISOR" /> <user name="scott" password="scott" authorities="ROLE_USER" /> <user name="mark" password="mark" authorities="ROLE_USER" disabled="true" /> <user name="base" password="base" authorities="ROLE_BASE" /> </user-service> </authentication-provider> CASE-2: Now, after I changed my authentication setup from form-login to preauthentication --> only my non-SWF, secured pages can be visited. And I get the above mentioned error when I try to visit the SWF controlled web pages. my (current, non-working) securityContext.xml from CASE_2 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"> <intercept-url pattern="/secure/extreme/*" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> </http> <beans:bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" /> <beans:bean id="preAuthenticatedProcessingFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <custom-filter position="PRE_AUTH_FILTER" /> <beans:property name="principalRequestHeader" value="iv-user" /> <beans:property name="credentialsRequestHeader" value="iv-password" /> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <authentication-manager alias="authenticationManager" /> <beans:bean id="preauthAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> <custom-authentication-provider /> <beans:property name="preAuthenticatedUserDetailsService"> <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper"> <beans:property name="userDetailsService" ref="userDetailsService" /> </beans:bean> </beans:property> </beans:bean> <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl"> <beans:property name="userProperties"> <beans:bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <beans:property name="location" value="/WEB-INF/users.properties" /> </beans:bean> </beans:property> </beans:bean> I even turned on the DEBUG output for org.springframework.webflow, org.springframework.js, org.springframework.binding, org.springframework.faces packages but no additional output was spit out in the log file, I just got the same exception trace as mentioned above. At this time, I would even appreciate any tips to further debug this situation as to how I could get more detailed errors from SWF or Spring security in this case, robin
    via by robin bajaj,
  • Getting LIST from the request attribute
    via Stack Overflow by JNPW
    ,
  • Errors in the logs
    via by remizov...@gmail.com,
  • AccessDeniedHandler not working - Spring Forum
    via by Unknown author,
    • com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538) at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968) at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152) at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498) at javax.servlet.http.HttpServlet.service(HttpServlet.java:788) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)

    Users with the same issue

    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    Unknown visitor1 times, last one,
    8 more bugmates