idp 4 / jetty

Paul B. Henson henson at
Sun Apr 19 21:40:28 EDT 2020

I'm working on upgrading to idp 4, and also switching from tomcat to
jetty along the way. I see this warning in the logs when starting the

2020-04-19 18:30:21,801 - WARN [] - ServletContext at o.e.j.w.WebAppContext@7c51f34b{Shibboleth Identity Provider,/idp,[file:///var/lib/jetty/tmp/jetty-127_0_0_1-80-idp_war-_idp-any-8922624869478006441.dir/webinf/, jar:file:///opt/shibboleth-idp/war/idp.war!/],STARTING}{/opt/shibboleth-idp/war/idp.war} has uncovered http methods for path: /*

The idp has the following security-constraint's enabled in web.xml.
My understanding is this warning occurs because some things are
explicitly blocked, while others are implicitly allowed? And to just
ignore it. I'm not that familiar with this area and was just curious
if there was an easy way to explicitly allow the converse of what's
explicitly denied so jetty doesn't complain about it.


    <!-- Block commonly flagged methods by using an empty auth-constraint. -->
            <web-resource-name>Non-API Content</web-resource-name>

    <!-- Allow any HTTP methods to the API flows. -->
            <web-resource-name>Administrative APIs</web-resource-name>
        <!-- no auth-constraint tag here -->

Paul B. Henson  |  (909) 979-6361  |
Operating Systems and Network Analyst  |  henson at
California State Polytechnic University  |  Pomona CA 91768

More information about the users mailing list