Re: Unable to override doPut(), etc, from Tomcat's JSPServlet (response 403)

Fri, 13 Jan 2006 04:09:27 -0800

You cannot add a doPut() to your servlet and excpect it to work. But in your JSP, you can do this: 

// The following worked fine with tomcat 5.0.28 (plus unrelated patches)
if("PUT".equals(request.getMethod()) {
  /*put code*/
} else {
  /*not put code*/
}
JSP's declare Servlet.service() as final. Then they call _jspService() (which is created during JSP compilation). So doYYY() is never called. 

-Tim

Ken Johanson wrote:


Hi all,
I'm wondering if there is another configuration needed to set which HTTP methods that JSPServlet accepts.. I'm attempting overriding doPut() in a JSP but I get a 403. Same if I don't override it and just try with 'request.getMethod().equalsIgnoreCase("PUT")' in the JSP generated service() body.. 

<%!
public void doPut(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException
{
    //do something
}
%>
Currently PUT always generates 403, even though I am authenticated okay (indicated by the remote-user field in access logs). But GET and POST are fine.. 

Thanks in advance,
-Ken

PS - Here's my web.xml excerpt:

    <security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <!-- Define the context-relative URL(s) to be protected -->
            <url-pattern>/*</url-pattern>
<!-- If you list http methods, only those methods are protected --> 
            <http-method>HEAD</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>TRACE</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>HEAD</http-method>
        </web-resource-collection>
        <auth-constraint>
<!-- Anyone with one of the listed roles may access this area --> 
            <role-name>tomcat</role-name>
            <role-name>role1</role-name>
            <role-name>ken</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login.jsp?fail=true</form-error-page>
        </form-login-config>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
        <role-name>role1</role-name>
    </security-role>
    <security-role>
        <role-name>tomcat</role-name>
    </security-role>



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to