IBM Support

PI37497: APPLICATION RUNTIME FAILED WITH HTTP METHOD PUT IS NOT SUPPORTED BY THIS URL

Fixes are available

8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • We have a problem with an application that uses HTTP PUT
    requests. The application currently runs in two environments.
    In one environment the application works, in the other
    environment PUT requests fail with the following error message:
    
    405 Http method PUT is not supported by this URL
    
    The server where the application works runs with WAS 8.5.5.2,
    the server that has the error runs with WAS 8.5.5.4.
    
    
    000001cd DefaultMethod 3   Requested
    resource is UNPROTECTED.  method:PUT JSP:null Static:TRUE
    [2/16/15 15:09:49:161 GMT] 000001cd DefaultMethod 3
    createReplyForStatic  method=PUT
    [2/16/15 15:09:49:161 GMT] 000001cd DefaultMethod 3
    createReplyForStatic
    reply=com.ibm.ws.security.web.MethodNotAllowedReply@98d8a580
    
    [2/16/15 15:09:49:161 GMT] 000001cd collaborator  1
    com.ibm.wsspi.webcontainer.collaborator.CollaboratorHelper
    processSecurityPreInvokeException
    SecurityCollaboratorHelper.processPreInvokeException():
    WebSecurityException thrown
    (com.ibm.wsspi.webcontainer.security.SecurityViolationException:
    Http method PUT is not supported by this URL).  HTTP status
    code: 405resource : null
    
    
    000001cd EJSWebCollabo >  handleException
    Entry
    
    com.ibm.ws.webcontainer.srt.SRTServletRequest@91af22ed
    
    com.ibm.ws.webcontainer.srt.SRTServletResponse@da2cf1da
    
    com.ibm.ws.security.web.WebSecurityException: Http method PUT
    is not supported by this URL
        at
    com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebColla
    borator.java:441)
        at
    com.ibm.ws.webcontainer.collaborator.WebAppSecurityCollaboratorI
    mpl.preInvoke(WebAppSecurityCollaboratorImpl.java:230)
    

Local fix

  • [2/10/15 14:03:44:142 GMT] 00001617 SecurityConfi >
    getPropertyBool
    id=com.ibm.ws.security.web.protectDefaultMethods default=true
    (admin)
    Entry
    
    set this property as custom and mark it
    with "false"?
    
    com.ibm.ws.security.web.protectDefaultMethods=false
    
    This property to set at
    
    Global security > Custom properties
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server who send a PUT request to an         *
    *                  Unprotected URI                             *
    ****************************************************************
    * PROBLEM DESCRIPTION: An http PUT request for an unprotected  *
    *                      URI is incorrectly denied.              *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    WebSphere Application Server incorrectly denies an http PUT
    request to an unprotected URI.
    

Problem conclusion

Temporary fix

  • NOTE TO REVIEWER (PLEASE DELETE AFTER REVIEW)
    This apar is approved for inclusion into 8.5.5.6 (instead of
    8.5.5.7) so I updated the target fixpack.  Thank you.
    

Comments

APAR Information

  • APAR number

    PI37497

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-03-20

  • Closed date

    2015-06-03

  • Last modified date

    2015-06-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 April 2022