Java HTTP 状态 405 - 使用 Spring Security 的 Spring MVC 不支持请求方法“POST”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27269383/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
HTTP Status 405 - Request method 'POST' not supported in Spring MVC with Spring Security
提问by rohi
I created a spring mvc application using freemarker template as view part. In this tried to add a model using forms.I am also using spring security Here is the code
我使用 freemarker 模板作为视图部分创建了一个 spring mvc 应用程序。在此尝试使用表单添加模型。我也在使用 spring security 这是代码
employee.ftl
员工档案
<fieldset>
<legend>Add Employee</legend>
<form name="employee" action="addEmployee" method="post">
Firstname: <input type="text" name="name" /> <br/>
Employee Code: <input type="text" name="employeeCode" /> <br/>
<input type="submit" value=" Save " />
</form>
employeeController.java
员工控制器.java
@RequestMapping(value = "/addEmployee", method = RequestMethod.POST)
public String addEmployee(@ModelAttribute("employee") Employee employee) {
employeeService.add(employee);
return "employee";
}
web.xml
网页.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- Spring MVC -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml,
/WEB-INF/spring/springsecurity-servlet.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
Spring-security.xml
Spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http security="none" pattern="/resources/**"/>
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="isAnonymous()"/>
<intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login"
default-target-url="/"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf />
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService" >
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
</beans:beans>
When click submit button it returns error `
单击提交按钮时,它返回错误`
HTTP Status 405 - Request method 'POST' not supported
HTTP 状态 405 - 不支持请求方法“POST”
` I gave POST method on both ftl and controller. Then why would this happen?
` 我在 ftl 和控制器上都给出了 POST 方法。那为什么会出现这种情况呢?
采纳答案by crm86
I am not sure if this helps but I had the same problem.
我不确定这是否有帮助,但我遇到了同样的问题。
You are using springSecurityFilterChain with CSRF protection. That means you have to send a token when you send a form via POST request. Try to add the next input to your form:
您正在使用具有 CSRF 保护的 springSecurityFilterChain。这意味着当您通过 POST 请求发送表单时,您必须发送一个令牌。尝试将下一个输入添加到您的表单中:
<input type="hidden"
name="${_csrf.parameterName}"
value="${_csrf.token}"/>
回答by Adriaan Koster
Try to replace:
尝试替换:
action="addEmployee"
with:
和:
action="${pageContext.request.contextPath}/addEmployee"
Unless you are using Spring 3.2
除非您使用的是 Spring 3.2
EDIT after seeing XML:
看到 XML 后编辑:
Try to move servlet-context.xml to your WEB-INF directory and rename it 'appServlet-context.xml'. Then remove the line:
尝试将 servlet-context.xml 移动到您的 WEB-INF 目录并将其重命名为“appServlet-context.xml”。然后删除该行:
/WEB-INF/spring/appServlet/servlet-context.xml,
From the contextConfigLocation in your web.xml.
从 web.xml 中的 contextConfigLocation。
The convention is that the context xml file is named '[servlet-name]-context.xml' where [servlet-name] is the name of the DispatcherServlet.
约定是上下文 xml 文件被命名为“[servlet-name]-context.xml”,其中 [servlet-name] 是 DispatcherServlet 的名称。
Also try to add a '/' to your form action, so:
还尝试在表单操作中添加“/”,因此:
action="/addEmployee"
回答by rohi
I found the solution. It is because of spring security Cross Site Request Forgery (CSRF) protection. It blocks the url. So i added an extra field inside the form.
我找到了解决方案。这是因为 Spring Security 跨站点请求伪造 (CSRF) 保护。它阻止了网址。所以我在表单中添加了一个额外的字段。
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
Now it is working properly.
现在它工作正常。
回答by Shahab A
As far as I saw, the mentioned solutions didn't work for latest SpringSecurity. Instead of passing through with hidden you can also send it through the action URL like below:
据我所知,上述解决方案不适用于最新的 SpringSecurity。除了通过 hidden 传递之外,您还可以通过如下所示的操作 URL 发送它:
<form method="post" action="doUpload?${_csrf.parameterName}=${_csrf.token}" enctype="multipart/form-data">
回答by Great Michael
This works for me:
这对我有用:
.and().csrf().disable();
another solution (but every form)
另一种解决方案(但每种形式)
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
