I don't know what is going on in your case. I can mention a case where I saw this message on my project. Another developer put security roles in web.xml on jsp files in certain directories. That sounded like a reasonable solution. The problem is that since we use tiles, certain tiles on the page (like the header tile) have already been rendered by the time the jsp is accessed. When the jsp was accessed the container tried to redirect to an error page but since part of the response has already been committed we got this error message instead.