deny-uncovered-http-methods in Servlet 3.1