You were stating that it's ok for GET, and not for PUT. But what about POST methods ? Are they doing okay ?
Some suggestions : I wonder whether the HiddenHttpMethodFilter is reached. You have many filters, and maybe one of them could be causing this ? To answer this, you might consider extending HiddenHttpMethodFilter and add logging to it, and register it to replace HiddenHttpMethodFilter in your web.xml If POST handlers are doing fine, then another idea is to just forget about the PUT just to test things out : - comment out the HiddenHttpMethodFilter and it's mapping in the web.xml - convert your controller methods from using PUT to POST - no changes needed in the ui forms, since it actually emulates PUT by using POST + hidden _method=PUT when you use <form:form> - If after using POST, and it's still 403, then the problem is not with the PUT, it might be something else. On Fri, Oct 4, 2013 at 9:24 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > > Subject: Re: Getting error 403 forbidden while using HTTP PUT method > > > > <!-- <security-constraint> <web-resource-collection> > > > <web-resource-name>ABC</web-resource-name> > > > <url-pattern>/api/mode</url-pattern> > > > <http-method>DELETE</http-method> <http-method>PUT</http-method> > > > <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> > > > <http-method>TRACE</http-method> <http-method>GET</http-method> > > > <http-method>POST</http-method> </web-resource-collection> > > > <user-data-constraint> > > > <transport-guarantee>NONE</transport-guarantee> > > > </user-data-constraint> </security-constraint> --> > > > > <!-- <security-constraint> <web-resource-collection> > > > <web-resource-name>ABC</web-resource-name> > > > <url-pattern>/*</url-pattern> <http-method>PUT</http-method> > > > </web-resource-collection> <auth-constraint> > > > <role-name>admin</role-name> </auth-constraint> > > > </security-constraint> > > > Looks like the above is the problem: you have a constraint on the PUT > > method, but no other methods. What were you expecting? > > There's no such constraint indicated; all of the above is commented out. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail and > its attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh)
