Custom error pages change responses for PUT and DELETE methods

Solution Unverified - Updated -

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5.x
    • 6.x

Issue

  • We've configured custom error pages in our application web.xml . After the custom error pages are defined, we see the original error response codes are changed to 403 for PUT and DELETE http methods.

Resolution

  • Note the following portion from the servlet spec (JSR 315, Section 10.9.1):
 If the location of the error handler is a servlet or a JSP page:
 * The original unwrapped request and response objects created by the container are passed to the servlet or JSP page.
 * The request path and attributes are set as if a RequestDispatcher.forward to the error resource had been performed.
  • So we should expect the request to be forwarded to the error pages, which are handled by the DefaultServlet, and we should expect DefaultServlet to provide 403s for PUTs and DELETEs.
  • Options to avoid the custom error page overriding the original error response code would be:
    • Don't use a custom 405 error page
    • Extend and customize the org.apache.catalina.servlets.DefaultServlet. You would want to override its doPut/doDelete methods so that these provide a desired response instead of the 403.

Root Cause

  • Static pages are typically used for these error pages. Static pages are served by the org.apache.catalina.servlets.DefaultServlet. The doPut and doDelete method implementations of the DefaultServlet are hard-coded to provide 403 responses.
  • After a request is forwarded to an error page, a response code from the error page will override the original response code. So if PUT or DELETE get an error response and forwarded to a custom error page, you'd only get a 403 in the end from the DefaultServlet.
  • JBWEB-301

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.