Wildfly with Basic Auth blocks requests with HTTP POST is not allowed for this method
I have a strange problem which is not reproducible at the moment.
I have the following endpoints:
@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;
@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}
@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}
@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}
The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:
@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;
private Logger logger = LoggerFactory.getLogger(getClass());
public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}
public DataPrivacyEndpoint()
{
}
@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}
I achieved the Basic Auth of the crashreporting endpoint by the following web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>
and jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>
Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.
rest jax-rs wildfly resteasy wildfly-10
add a comment |
I have a strange problem which is not reproducible at the moment.
I have the following endpoints:
@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;
@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}
@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}
@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}
The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:
@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;
private Logger logger = LoggerFactory.getLogger(getClass());
public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}
public DataPrivacyEndpoint()
{
}
@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}
I achieved the Basic Auth of the crashreporting endpoint by the following web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>
and jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>
Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.
rest jax-rs wildfly resteasy wildfly-10
1
This is probably not the cause of the problem, but ifDataPrivacyEndpoint
is a sub-resource class, it should not be annotated with@Path
. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the@Path("/")
on the method is redundant and is not needed; it is already implied. See this post.
– Paul Samsotha
Nov 12 '18 at 23:27
@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.
– Bevor
Nov 13 '18 at 18:23
add a comment |
I have a strange problem which is not reproducible at the moment.
I have the following endpoints:
@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;
@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}
@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}
@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}
The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:
@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;
private Logger logger = LoggerFactory.getLogger(getClass());
public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}
public DataPrivacyEndpoint()
{
}
@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}
I achieved the Basic Auth of the crashreporting endpoint by the following web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>
and jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>
Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.
rest jax-rs wildfly resteasy wildfly-10
I have a strange problem which is not reproducible at the moment.
I have the following endpoints:
@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;
@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}
@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}
@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}
The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:
@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;
private Logger logger = LoggerFactory.getLogger(getClass());
public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}
public DataPrivacyEndpoint()
{
}
@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}
I achieved the Basic Auth of the crashreporting endpoint by the following web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>
and jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>
Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.
rest jax-rs wildfly resteasy wildfly-10
rest jax-rs wildfly resteasy wildfly-10
edited Nov 12 '18 at 23:24
Paul Samsotha
149k20284470
149k20284470
asked Nov 12 '18 at 18:56
BevorBevor
4,056852104
4,056852104
1
This is probably not the cause of the problem, but ifDataPrivacyEndpoint
is a sub-resource class, it should not be annotated with@Path
. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the@Path("/")
on the method is redundant and is not needed; it is already implied. See this post.
– Paul Samsotha
Nov 12 '18 at 23:27
@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.
– Bevor
Nov 13 '18 at 18:23
add a comment |
1
This is probably not the cause of the problem, but ifDataPrivacyEndpoint
is a sub-resource class, it should not be annotated with@Path
. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the@Path("/")
on the method is redundant and is not needed; it is already implied. See this post.
– Paul Samsotha
Nov 12 '18 at 23:27
@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.
– Bevor
Nov 13 '18 at 18:23
1
1
This is probably not the cause of the problem, but if
DataPrivacyEndpoint
is a sub-resource class, it should not be annotated with @Path
. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/")
on the method is redundant and is not needed; it is already implied. See this post.– Paul Samsotha
Nov 12 '18 at 23:27
This is probably not the cause of the problem, but if
DataPrivacyEndpoint
is a sub-resource class, it should not be annotated with @Path
. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/")
on the method is redundant and is not needed; it is already implied. See this post.– Paul Samsotha
Nov 12 '18 at 23:27
@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.
– Bevor
Nov 13 '18 at 18:23
@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.
– Bevor
Nov 13 '18 at 18:23
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53268421%2fwildfly-with-basic-auth-blocks-requests-with-http-post-is-not-allowed-for-this-m%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53268421%2fwildfly-with-basic-auth-blocks-requests-with-http-post-is-not-allowed-for-this-m%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
This is probably not the cause of the problem, but if
DataPrivacyEndpoint
is a sub-resource class, it should not be annotated with@Path
. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the@Path("/")
on the method is redundant and is not needed; it is already implied. See this post.– Paul Samsotha
Nov 12 '18 at 23:27
@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.
– Bevor
Nov 13 '18 at 18:23