Search code examples
javaazurejbossactive-directorystruts-1

HTTP method POST is not supported by this URL on JBOSS

We have to setup MS azure active directory authentication for one of our legacy application which is on Struts-1, will run on JBOSS EAP-7.

The basic setup is like this. We have a welcome file called index.html as below.

<html>
 <head>
  <title>TITLE</title>
 </head>
 <FRAMESET border=0 name=fs_rep ROWS="18%,*">
  <FRAME SRC="heading.html" NAME="HEADING">
  <FRAME SRC="logon.jsp" NAME="DISPLAY">
 </FRAMESET>
 <NOFRAMES>
  This browser does not support frames. The application cannot be displayed.
</NOFRAMES>
</html>

When the application starts user sees the login page, gives the credentials and the request goes to LoginAction class which does the LDAP verification.

We are following this link https://learn.microsoft.com/en-us/azure/active-directory/active-directory-devquickstarts-webapp-java for setting up MS AD Authetication.

We have created a basic filter in web.xml as 

<filter-name>BasicFilter</filter-name>
<url-pattern>/index.html</url-pattern>

This filter has code for authentication and redirects user to Azure login page. We have given the "Response URL" in azure as: http://localhost:8001/MyApp/index.html

This setup works fine with Weblogic server, but when I try to deploy the same on JBOSS EAP-7, it takes us to MS Azure signup page, we give credentials, the basic filter runs, and finally it shows "HTTP method POST is not supported by this URL" in the browser.

Are we on wrong track? How is POST to be supported for the URL (happens only in JBOSS)

Solution

  • It seems that HTTP method POST for .html file is not supported default on JBoss which is different from other servlet engines.

    Per my experience, I think there are some way to solve the issue.

    1. It seems like a security constraint on JBoss which may be changed via try to set the below configuration in the web.xml file of your project.

      <security-constraint>    
  <display-name>Example Security Constraint</display-name>    
  <web-resource-collection>    
     <web-resource-name>Protected Area</web-resource-name>    
     <url-pattern>/index.html</url-pattern>   
     <http-method>GET</http-method>    
     <http-method>POST</http-method>  
  </web-resource-collection>
</security-constraint>

    2. As a work around, you can try to rename your index.html to index.jsp. This will compile your HTML as a JSP run on JBoss serlvet container, and a JSP always uses the service() method and this should avoid the issue on JBoss.