Wildfly with Basic Auth blocks requests with HTTP POST is not allowed for this method












0















I have a strange problem which is not reproducible at the moment.
I have the following endpoints:



@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;


@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}


@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}

@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}


The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:



@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;

private Logger logger = LoggerFactory.getLogger(getClass());

public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}

public DataPrivacyEndpoint()
{
}

@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}


I achieved the Basic Auth of the crashreporting endpoint by the following web.xml



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>


and jboss-web.xml



<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>


Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.










share|improve this question




















  • 1





    This is probably not the cause of the problem, but if DataPrivacyEndpoint is a sub-resource class, it should not be annotated with @Path. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/") on the method is redundant and is not needed; it is already implied. See this post.

    – Paul Samsotha
    Nov 12 '18 at 23:27











  • @PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.

    – Bevor
    Nov 13 '18 at 18:23
















0















I have a strange problem which is not reproducible at the moment.
I have the following endpoints:



@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;


@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}


@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}

@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}


The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:



@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;

private Logger logger = LoggerFactory.getLogger(getClass());

public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}

public DataPrivacyEndpoint()
{
}

@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}


I achieved the Basic Auth of the crashreporting endpoint by the following web.xml



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>


and jboss-web.xml



<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>


Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.










share|improve this question




















  • 1





    This is probably not the cause of the problem, but if DataPrivacyEndpoint is a sub-resource class, it should not be annotated with @Path. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/") on the method is redundant and is not needed; it is already implied. See this post.

    – Paul Samsotha
    Nov 12 '18 at 23:27











  • @PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.

    – Bevor
    Nov 13 '18 at 18:23














0












0








0








I have a strange problem which is not reproducible at the moment.
I have the following endpoints:



@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;


@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}


@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}

@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}


The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:



@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;

private Logger logger = LoggerFactory.getLogger(getClass());

public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}

public DataPrivacyEndpoint()
{
}

@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}


I achieved the Basic Auth of the crashreporting endpoint by the following web.xml



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>


and jboss-web.xml



<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>


Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.










share|improve this question
















I have a strange problem which is not reproducible at the moment.
I have the following endpoints:



@Path("/v1/")
@Produces(MediaType.APPLICATION_JSON)
public class EndpointVersion1Base
{
private BackendRestClient restClient;


@EJB
public void setRestClient(BackendRestClient restClient)
{
this.restClient = restClient;
}


@Path("/dataprivacy/")
public Object getDataPrivacy()
{
return new DataPrivacyEndpoint(restClient);
}

@Path("/crashreporting/")
public Object getCrashReport()
{
return new CrashReportEndpoint(restClient);
}
}


The endpoint crashreporting has a Basic authentication. The endpoint dataprivacy has no authentication. The dataprivacy endpoint looks like this:



@Path("/")
@Produces(MediaType.APPLICATION_JSON)
public class DataPrivacyEndpoint
{
private BackendRestClient restClient;

private Logger logger = LoggerFactory.getLogger(getClass());

public DataPrivacyEndpoint(BackendRestClient restClient)
{
this.restClient = restClient;
}

public DataPrivacyEndpoint()
{
}

@POST
@Path("/")
@Consumes(MediaType.APPLICATION_JSON)
public Response storeConsent(
@NotNull(message = ErrorCodes.ERR_QUERY_PARAM_NULL) @Valid String consentInputBo) throws ForbiddenException, BadRequestException
{
//some code
}
}


I achieved the Basic Auth of the crashreporting endpoint by the following web.xml



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>publicapi</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Crash reporting</web-resource-name>
<description>crash reporting service</description>
<url-pattern>/v1/crashreporting/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>publicapi</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>UserRoles simple realm</realm-name>
</login-config>
<security-role>
<role-name>publicapi</role-name>
</security-role>
</web-app>


and jboss-web.xml



<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<context-root>publicapi</context-root>
<security-domain>other</security-domain>
</jboss-web>


Yesterday all this worked. Today I started the services. Suddenly, as I sent a POST request to the dataprivacy endpoint via http://192.168.0.80:8080/publicapi/v1/dataprivacy/ and I got an HTTP error response "HTTP POST is not allowed for this method".
I wondered why this happened because it worked yesterday. After I restarted the services it suddenly worked again?!. What is going on here? Why does it sometimes work and sometimes not? (Currently I can't reproduce it). Do I have some misconfiguration in here which could lead to some strange behaviour? I'm afraid that this could happen on my LIVE system as well.







rest jax-rs wildfly resteasy wildfly-10






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 12 '18 at 23:24









Paul Samsotha

149k20284470




149k20284470










asked Nov 12 '18 at 18:56









BevorBevor

4,056852104




4,056852104








  • 1





    This is probably not the cause of the problem, but if DataPrivacyEndpoint is a sub-resource class, it should not be annotated with @Path. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/") on the method is redundant and is not needed; it is already implied. See this post.

    – Paul Samsotha
    Nov 12 '18 at 23:27











  • @PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.

    – Bevor
    Nov 13 '18 at 18:23














  • 1





    This is probably not the cause of the problem, but if DataPrivacyEndpoint is a sub-resource class, it should not be annotated with @Path. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/") on the method is redundant and is not needed; it is already implied. See this post.

    – Paul Samsotha
    Nov 12 '18 at 23:27











  • @PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.

    – Bevor
    Nov 13 '18 at 18:23








1




1





This is probably not the cause of the problem, but if DataPrivacyEndpoint is a sub-resource class, it should not be annotated with @Path. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/") on the method is redundant and is not needed; it is already implied. See this post.

– Paul Samsotha
Nov 12 '18 at 23:27





This is probably not the cause of the problem, but if DataPrivacyEndpoint is a sub-resource class, it should not be annotated with @Path. If it is, and you are classpath scanning for your resources, then it will be registered as a root resource class, which you don't want. also the @Path("/") on the method is redundant and is not needed; it is already implied. See this post.

– Paul Samsotha
Nov 12 '18 at 23:27













@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.

– Bevor
Nov 13 '18 at 18:23





@PaulSamsotha Thanks. I removed these parts and it is still working. I will proceed with this implementation and watch the behaviour.

– Bevor
Nov 13 '18 at 18:23












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53268421%2fwildfly-with-basic-auth-blocks-requests-with-http-post-is-not-allowed-for-this-m%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53268421%2fwildfly-with-basic-auth-blocks-requests-with-http-post-is-not-allowed-for-this-m%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Full-time equivalent

さくらももこ

13 indicted, 8 arrested in Calif. drug cartel investigation