IBM Support

PI95717: UNCOVEREDHTTPMETHODWARNINGS AND SUPPRESSUNCOVEREDHTTPMETHODWARNI

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • - UncoveredHttpMethodWarnings should not show if customers
    are
    using Servlet 3.0 or below (currently showing all the time)
    
    - suppressUncoveredHttpMethodWarning configuration is not
    honored
    
    - Clarify the documentation in the Knowledge Center about
    what
    messages would be suppressed (It will be CWWKS9122I and
    CWWKS9123I)
    
    Documentation
    https://www.ibm.com/support/knowledgecenter/en/SSAW57_libert
    y/co
    m.ibm.websphere.liberty.autogen.nd.doc/ae/rwlp_config_webApp
    lica
    tion.html
    
    Message:
    https://www.ibm.com/support/knowledgecenter/en/SSAW57_libert
    y/co
    m.ibm.websphere.messages.liberty.doc/CWWKS.html
    
    CWWKS9122I: For URL {0} in application {1}, the following
    HTTP
    methods are uncovered, and accessible: {2}
    CWWKS9123I: For URL {0} in application {1}, the following
    HTTP
    methods are uncovered, and not accessible: {2}
    

Local fix

  • n/a
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  Users who wants to suppress warning message *
    *                  when deny-uncovered-http-methods element is *
    *                  present in web.xml                          *
    ****************************************************************
    * PROBLEM DESCRIPTION: suppressUncoveredHttpMethodWarning      *
    *                      configuration does not work             *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    According to the Java? Servlet 3.1 specification, in section
    "13.8.4.2 Handling Uncovered HTTP Methods", there is a
    requirement to notify the deployer on how HTTP methods are
    handled when the <deny-uncovered-http-methods/> element is
    defined in the application's web.xml.
    
    To comply with the specification, Liberty prints the following
    messages in the messages.log file depending on the
    configuration:
    
    CWWKS9122I: For URL {0} in application {1}, the following HTTP
    methods are uncovered, and accessible: {2}
    CWWKS9123I: For URL {0} in application {1}, the following HTTP
    methods are uncovered, and not accessible: {2}
    
    There are two problems with when these messages are output.
    First, the messages are printed even when the Liberty server is
    configured with the servlet-3.0 feature.  Second, setting the
    "suppressUncoveredHttpMethodWarning" option to true in the
    webApplication configuration does not suppress the messages like
    it is supposed to.
    

Problem conclusion

  • CWWKS9122I and CWWKS9123I will now only be issued when
    server.xml is configured with the servlet-3.1 or higher
    feature.
    
    In addition, to avoid duplicate function, the
    "suppressUncoveredHttpMethodWarning" option in the
    webApplication configuration was removed, since Liberty already
    has the capability to suppress any message by using the
    "hideMessage" option of the logging configuration.
    
    Users can suppress the messages by either:
    
    1) Configuring the following in bootstrap.properties:
    com.ibm.ws.logging.hideMessage=CWWKS9122I,CWWKS9123I
    
    or...
    
    2) Configuring the following in server.xml :
    <logging hideMessage="CWWKS9122I,CWWKS9123I"/>
    
    For more information about logging configuration, refer to
    https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.i
    bm.websphere.wlp.doc/ae/rwlp_logging.html.
    
    The fix for this APAR is currently targeted for inclusion in fix
    pack 18.0.0.2.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI95717

  • Reported component name

    LIBERTY PROFILE

  • Reported component ID

    5724J0814

  • Reported release

    CD0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-03-26

  • Closed date

    2018-05-31

  • Last modified date

    2018-05-31

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    LIBERTY PROFILE

  • Fixed component ID

    5724J0814

Applicable component levels



Document information

More support for: WebSphere Application Server

Software version: CD0

Reference #: PI95717

Modified date: 31 May 2018


Translate this page: