com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API

Spring JIRA | robin bajaj | 8 years ago
  1. 0

    [SWF-794] Spring Security (PreAuthentication) setup fails with Spring webflow, works otherwise - Spring JIRA

    spring.io | 1 year ago
    com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API
  2. 0

    I am using Spring 2.5, Spring Webflow 2.0.2 and Spring Security 2.0.1 versions I think I have hit upon a bug involving preAuthentication+ spring Security+ Spring Webflow and its related to Spring Webflow since Spring Security+preAuthentication is working fine for non spring-webflow related pages. I started with sample webapp from Spring web flow. Then added form-login based security using "tutorial" sample application from Spring Security. It was all working fine. Then I changed my spring security setup to accommodate the requirement for preAuthentication (since we are using Tivoli Access Manager/Web Seal infrastructure for authentication and will continue to use Spring Security for authorization). After a lot of struggle, I have Spring Security working such that I can navigate from my unsecured home page to a secured (non SWF) page and I notice (from DEBUG log output) that Spring security filter chain is doing its job correctly. But when I click on the other secured link on my home page that starts my (spring webflow based) web-flow, I get the error in the browser Code: Error 501: Method is not defined in RFC 2068 and is not supported by the Servlet API Here's the exception trace, I get from Websphere 6.1.0.15 server - Code: [09/07/08 16:16:46:046 EDT] 00000027 WebApp E [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538) at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968) at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152) at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498) at javax.servlet.http.HttpServlet.service(HttpServlet.java:788) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359) Last edited by robinbajaj; Yesterday at 03:53 PM. Reason: mentioned the versions of spring, swf, security frameworks Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #2 Report Post Old Yesterday, 11:45 AM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default (continued from the above post.. with more details.) I have put the full exception trace here http://rafb.net/p/Np6u4461.html (because of the character limit in spring forums) Just to confirm if its a Websphere related issue I created a war file and deployed on Apache tomcat 5.5.26, I get the same behaviour - non SWF secured page can be visited without problems, but the SWF related webflow page cannot be visited, and I get the same message in the browser. Here's how my springSecurityContext.xml looks like URL: http://rafb.net/p/wBURCg22.html Here's how my webflow-config.xml looks like URL: http://rafb.net/p/ap30Xo16.html Here's my policy.xml (for my first webflow) URL: http://rafb.net/p/DDsQ8g62.html Here's my home page (unsecured) URL: http://rafb.net/p/EKMPU732.html Here's my first page from the policy webflow URL: http://rafb.net/p/1fnShV36.html Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #3 Report Post Old Yesterday, 03:06 PM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default Its worth mentioning that Spring webflow page could be visited without problems when I had form-login based authentication setup in spring security. So before , it was like CASE-1: Spring Security (form-login) + spring Webflow --> working fine for secured (both SWF and non-SWF) pages. my securityContext.xml from CASE_1 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http> <intercept-url pattern="/login.jsp*" filters="none" /> <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <form-login login-page="/login.jsp" /> <logout /> </http> <authentication-provider user-service-ref="userDetailsService"> <user-service> <user name="super" password="super" authorities="ROLE_SUPERVISOR" /> <user name="scott" password="scott" authorities="ROLE_USER" /> <user name="mark" password="mark" authorities="ROLE_USER" disabled="true" /> <user name="base" password="base" authorities="ROLE_BASE" /> </user-service> </authentication-provider> CASE-2: Now, after I changed my authentication setup from form-login to preauthentication --> only my non-SWF, secured pages can be visited. And I get the above mentioned error when I try to visit the SWF controlled web pages. my (current, non-working) securityContext.xml from CASE_2 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"> <intercept-url pattern="/secure/extreme/*" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> </http> <beans:bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" /> <beans:bean id="preAuthenticatedProcessingFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <custom-filter position="PRE_AUTH_FILTER" /> <beans:property name="principalRequestHeader" value="iv-user" /> <beans:property name="credentialsRequestHeader" value="iv-password" /> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <authentication-manager alias="authenticationManager" /> <beans:bean id="preauthAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> <custom-authentication-provider /> <beans:property name="preAuthenticatedUserDetailsService"> <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper"> <beans:property name="userDetailsService" ref="userDetailsService" /> </beans:bean> </beans:property> </beans:bean> <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl"> <beans:property name="userProperties"> <beans:bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <beans:property name="location" value="/WEB-INF/users.properties" /> </beans:bean> </beans:property> </beans:bean> I even turned on the DEBUG output for org.springframework.webflow, org.springframework.js, org.springframework.binding, org.springframework.faces packages but no additional output was spit out in the log file, I just got the same exception trace as mentioned above. At this time, I would even appreciate any tips to further debug this situation as to how I could get more detailed errors from SWF or Spring security in this case, robin

    Spring JIRA | 8 years ago | robin bajaj
    com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API
  3. 0

    I am using Spring 2.5, Spring Webflow 2.0.2 and Spring Security 2.0.1 versions I think I have hit upon a bug involving preAuthentication+ spring Security+ Spring Webflow and its related to Spring Webflow since Spring Security+preAuthentication is working fine for non spring-webflow related pages. I started with sample webapp from Spring web flow. Then added form-login based security using "tutorial" sample application from Spring Security. It was all working fine. Then I changed my spring security setup to accommodate the requirement for preAuthentication (since we are using Tivoli Access Manager/Web Seal infrastructure for authentication and will continue to use Spring Security for authorization). After a lot of struggle, I have Spring Security working such that I can navigate from my unsecured home page to a secured (non SWF) page and I notice (from DEBUG log output) that Spring security filter chain is doing its job correctly. But when I click on the other secured link on my home page that starts my (spring webflow based) web-flow, I get the error in the browser Code: Error 501: Method is not defined in RFC 2068 and is not supported by the Servlet API Here's the exception trace, I get from Websphere 6.1.0.15 server - Code: [09/07/08 16:16:46:046 EDT] 00000027 WebApp E [Servlet Error]-[Spring MVC Dispatcher Servlet]: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538) at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968) at javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152) at org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498) at javax.servlet.http.HttpServlet.service(HttpServlet.java:788) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359) Last edited by robinbajaj; Yesterday at 03:53 PM. Reason: mentioned the versions of spring, swf, security frameworks Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #2 Report Post Old Yesterday, 11:45 AM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default (continued from the above post.. with more details.) I have put the full exception trace here http://rafb.net/p/Np6u4461.html (because of the character limit in spring forums) Just to confirm if its a Websphere related issue I created a war file and deployed on Apache tomcat 5.5.26, I get the same behaviour - non SWF secured page can be visited without problems, but the SWF related webflow page cannot be visited, and I get the same message in the browser. Here's how my springSecurityContext.xml looks like URL: http://rafb.net/p/wBURCg22.html Here's how my webflow-config.xml looks like URL: http://rafb.net/p/ap30Xo16.html Here's my policy.xml (for my first webflow) URL: http://rafb.net/p/DDsQ8g62.html Here's my home page (unsecured) URL: http://rafb.net/p/EKMPU732.html Here's my first page from the policy webflow URL: http://rafb.net/p/1fnShV36.html Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this message robinbajaj View Public Profile Send a private message to robinbajaj Find all posts by robinbajaj Add robinbajaj to Your Contacts #3 Report Post Old Yesterday, 03:06 PM robinbajaj robinbajaj is online now Junior Member Join Date: Jun 2007 Posts: 16 Default Its worth mentioning that Spring webflow page could be visited without problems when I had form-login based authentication setup in spring security. So before , it was like CASE-1: Spring Security (form-login) + spring Webflow --> working fine for secured (both SWF and non-SWF) pages. my securityContext.xml from CASE_1 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http> <intercept-url pattern="/login.jsp*" filters="none" /> <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <form-login login-page="/login.jsp" /> <logout /> </http> <authentication-provider user-service-ref="userDetailsService"> <user-service> <user name="super" password="super" authorities="ROLE_SUPERVISOR" /> <user name="scott" password="scott" authorities="ROLE_USER" /> <user name="mark" password="mark" authorities="ROLE_USER" disabled="true" /> <user name="base" password="base" authorities="ROLE_BASE" /> </user-service> </authentication-provider> CASE-2: Now, after I changed my authentication setup from form-login to preauthentication --> only my non-SWF, secured pages can be visited. And I get the above mentioned error when I try to visit the SWF controlled web pages. my (current, non-working) securityContext.xml from CASE_2 is : Code: <global-method-security secured-annotations="enabled"> </global-method-security> <http entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"> <intercept-url pattern="/secure/extreme/*" access="ROLE_SUPERVISOR" /> <intercept-url pattern="/secure/*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/faces/policysearch*" access="ROLE_SUPERVISOR,ROLE_USER" /> <intercept-url pattern="/spring/*" access="ROLE_SUPERVISOR,ROLE_USER" /> </http> <beans:bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint" /> <beans:bean id="preAuthenticatedProcessingFilter" class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter"> <custom-filter position="PRE_AUTH_FILTER" /> <beans:property name="principalRequestHeader" value="iv-user" /> <beans:property name="credentialsRequestHeader" value="iv-password" /> <beans:property name="authenticationManager" ref="authenticationManager" /> </beans:bean> <authentication-manager alias="authenticationManager" /> <beans:bean id="preauthAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider"> <custom-authentication-provider /> <beans:property name="preAuthenticatedUserDetailsService"> <beans:bean id="userDetailsServiceWrapper" class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper"> <beans:property name="userDetailsService" ref="userDetailsService" /> </beans:bean> </beans:property> </beans:bean> <beans:bean id="userDetailsService" class="org.springframework.security.userdetails.memory.InMemoryDaoImpl"> <beans:property name="userProperties"> <beans:bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <beans:property name="location" value="/WEB-INF/users.properties" /> </beans:bean> </beans:property> </beans:bean> I even turned on the DEBUG output for org.springframework.webflow, org.springframework.js, org.springframework.binding, org.springframework.faces packages but no additional output was spit out in the log file, I just got the same exception trace as mentioned above. At this time, I would even appreciate any tips to further debug this situation as to how I could get more detailed errors from SWF or Spring security in this case, robin

    Spring JIRA | 8 years ago | robin bajaj
    com.ibm.ws.webcontainer.webapp.WebAppErrorReport: Method is not defined in RFC 2068 and is not supported by the Servlet API
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Getting LIST from the request attribute

    Stack Overflow | 2 years ago | JNPW
    com.ibm.ws.webcontainer.webapp.WebAppErrorReport: SRVE0295E: Error reported: 500
  6. 0

    Jsf 2.0 + Websphere Portal 8 - Composite Component - StackOverflowError when Ajax submit

    Stack Overflow | 2 years ago | m.b
    com.ibm.ws.webcontainer.webapp.WebAppErrorReport: SRVE0295E: Error reported: 500

    13 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. com.ibm.ws.webcontainer.webapp.WebAppErrorReport

      Method is not defined in RFC 2068 and is not supported by the Servlet API

      at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError()
    2. WebSphere
      WebAppDispatcherContext.sendError
      1. com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendError(WebAppDispatcherContext.java:538)
      1 frame
    3. com.ibm.ws
      SRTServletResponse.sendError
      1. com.ibm.ws.webcontainer.srt.SRTServletResponse.sendError(SRTServletResponse.java:968)
      1 frame
    4. JavaServlet
      HttpServletResponseWrapper.sendError
      1. javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:152)
      1 frame
    5. Spring Security - Portlet support
      HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError
      1. org.springframework.security.context.HttpSessionContextIntegrationFilter$OnRedirectUpdateSessionResponseWrapper.sendError(HttpSessionContextIntegrationFilter.java:498)
      1 frame
    6. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:788)
      2. javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
      2 frames
    7. WebSphere
      WebAppFilterChain.doFilter
      1. com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1068)
      2. com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1009)
      3. com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
      3 frames
    8. spring-security-core
      FilterChainProxy$VirtualFilterChain.doFilter
      1. org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:359)
      1 frame