PI95717: UNCOVEREDHTTPMETHODWARNINGS AND SUPPRESSUNCOVEREDHTTPMETHODWARNI

Fixes are available

APAR status

Closed as program error.

Error description

- UncoveredHttpMethodWarnings should not show if customers
are
using Servlet 3.0 or below (currently showing all the time)

- suppressUncoveredHttpMethodWarning configuration is not
honored

- Clarify the documentation in the Knowledge Center about
what
messages would be suppressed (It will be CWWKS9122I and
CWWKS9123I)

Documentation
https://www.ibm.com/support/knowledgecenter/en/SSAW57_libert
y/co
m.ibm.websphere.liberty.autogen.nd.doc/ae/rwlp_config_webApp
lica
tion.html

Message:
https://www.ibm.com/support/knowledgecenter/en/SSAW57_libert
y/co
m.ibm.websphere.messages.liberty.doc/CWWKS.html

CWWKS9122I: For URL {0} in application {1}, the following
HTTP
methods are uncovered, and accessible: {2}
CWWKS9123I: For URL {0} in application {1}, the following
HTTP
methods are uncovered, and not accessible: {2}

Local fix

```
n/a
```

Problem summary

****************************************************************
* USERS AFFECTED:  Users who wants to suppress warning message *
*                  when deny-uncovered-http-methods element is *
*                  present in web.xml                          *
****************************************************************
* PROBLEM DESCRIPTION: suppressUncoveredHttpMethodWarning      *
*                      configuration does not work             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
According to the Java? Servlet 3.1 specification, in section
"13.8.4.2 Handling Uncovered HTTP Methods", there is a
requirement to notify the deployer on how HTTP methods are
handled when the <deny-uncovered-http-methods/> element is
defined in the application's web.xml.

To comply with the specification, Liberty prints the following
messages in the messages.log file depending on the
configuration:

CWWKS9122I: For URL {0} in application {1}, the following HTTP
methods are uncovered, and accessible: {2}
CWWKS9123I: For URL {0} in application {1}, the following HTTP
methods are uncovered, and not accessible: {2}

There are two problems with when these messages are output.
First, the messages are printed even when the Liberty server is
configured with the servlet-3.0 feature.  Second, setting the
"suppressUncoveredHttpMethodWarning" option to true in the
webApplication configuration does not suppress the messages like
it is supposed to.

Problem conclusion

CWWKS9122I and CWWKS9123I will now only be issued when
server.xml is configured with the servlet-3.1 or higher
feature.

In addition, to avoid duplicate function, the
"suppressUncoveredHttpMethodWarning" option in the
webApplication configuration was removed, since Liberty already
has the capability to suppress any message by using the
"hideMessage" option of the logging configuration.

Users can suppress the messages by either:

1) Configuring the following in bootstrap.properties:
com.ibm.ws.logging.hideMessage=CWWKS9122I,CWWKS9123I

or...

2) Configuring the following in server.xml :
<logging hideMessage="CWWKS9122I,CWWKS9123I"/>

For more information about logging configuration, refer to
https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.i
bm.websphere.wlp.doc/ae/rwlp_logging.html.

The fix for this APAR is currently targeted for inclusion in fix
pack 18.0.0.2.  Please refer to the Recommended Updates page for
delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Temporary fix

Comments

APAR Information

APAR number
PI95717
Reported component name
LIBERTY PROFILE
Reported component ID
5724J0814
Reported release
CD0
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-03-26
Closed date
2018-05-31
Last modified date
2018-05-31

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
LIBERTY PROFILE
Fixed component ID
5724J0814

Applicable component levels

RCD0 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"CD0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
04 May 2022

Tips

PI95717: UNCOVEREDHTTPMETHODWARNINGS AND SUPPRESSUNCOVEREDHTTPMETHODWARNI

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

RCD0 PSY

Document Information

Share your feedback

Need support?