Security Constraint Block in Web.xml with <http-method-omission> tags are Not Working as Expected on Weblogic 12.2.1.x version

(Doc ID 2331453.1)

Last updated on NOVEMBER 23, 2017

Applies to:

Oracle WebLogic Server - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

The <security-constraint> block in web.xml is not working correctly in weblogic 12.2.1.x versions. More specifically, < http-method-omission> is not honored. We get error 403-forbidden for all the http methods enclosed in < http-method-omission> tags . This was working well in weblogic 12.1.3.x version.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms