Jersey REST GET is working but PUT not. The specified HTTP method is not allowed for the requested resource

Question

I've been breaking my head over this for a few days now. This little sniplet is working fine (using Jersey 2.26-b03 on Tomcat).

@GET
@Path("/{code}")
public Response update(@PathParam("code") String code) {
    System.out.println("!!!!!!!");
    return Response.status(Response.Status.OK).build();
}

curl -i -X GET http://localhost:18270/nyx/rest/servervirtueel/SVM0000
HTTP/1.1 200 OK

Followed by a bunch of Jersey tracing I enabled. But if I only change the GET to a PUT (exactly the same method, just change the annotation):

@PUT
@Path("/{code}")
public Response update(@PathParam("code") String code) {
    System.out.println("!!!!!!!");
    return Response.status(Response.Status.OK).build();
}

curl -i -X PUT http://localhost:18270/nyx/rest/servervirtueel/SVM0000
HTTP/1.1 405 Method Not Allowed

Followed by HTML telling me that the "The specified HTTP method is not allowed for the requested resource". However, POST does work (changing the annotation again).

Answer 1

It turned out that the OWASP method whitelist valve was configured on Tomcat (Catalina) level to only allow GET and POST; this is a webapp that held only SOAP services until now. You do not see this in either web.xml's or server.xml, but it's in Catalina/localhost/webappname.xml.