问题:
不支持 Spring 安全请求方法“POST”
凤衡
具有状态405和身份验证的页面不工作。
来自 Spring 引导日志的错误
o.s.web.servlet.不支持请求方法POST
jsp页面出错:
白标错误页面
该应用程序没有针对/error的显式映射,因此您可以将它视为一个后备。
出现意外错误(类型=不允许方法,状态=405)。不支持请求方法“POST”
Spring信息:
-使用Spring Security 3.2.5
-使用SpringBoot App启动服务器
-Spring Java配置
代码:
SecurityConfig.java
@EnableAutoConfiguration
@ComponentScan(basePackages = { "org.myakasha.crm","org.myakasha.crm.controller","org.myakasha.crm.model"})
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
DataSource dataSource;
@Autowired
public void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username,password, enabled from users where username=?")
.authoritiesByUsernameQuery("select username, role from user_roles where username=?");
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
.and()
.formLogin().loginPage("/login").failureUrl("/login?error").usernameParameter("username").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/login?logout")
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf();
}
}
SecurityController.java
@Controller
public class SecurityController {
@RequestMapping(value = { "/welcome**" }, method = RequestMethod.GET)
public ModelAndView defaultPage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security + Hibernate Example");
model.addObject("message", "This is default page!");
model.setViewName("hello");
return model;
}
@RequestMapping(value = "/admin**", method = RequestMethod.GET)
public ModelAndView adminPage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security + Hibernate Example");
model.addObject("message", "This page is for ROLE_ADMIN only!");
model.setViewName("admin");
return model;
}
@RequestMapping(value = "/login", method = {RequestMethod.GET} )
public ModelAndView login(@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout, HttpServletRequest request) {
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", getErrorMessage(request, "SPRING_SECURITY_LAST_EXCEPTION"));
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
model.setViewName("login");
return model;
}
// customize the error message
private String getErrorMessage(HttpServletRequest request, String key) {
Exception exception = (Exception) request.getSession().getAttribute(key);
String error = "";
if (exception instanceof BadCredentialsException) {
error = "Invalid username and password!";
} else if (exception instanceof LockedException) {
error = exception.getMessage();
} else {
error = "Invalid username and password!";
}
return error;
}
// for 403 access denied page
@RequestMapping(value = "/403", method = RequestMethod.GET)
public ModelAndView accesssDenied() {
ModelAndView model = new ModelAndView();
// check if user is login
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!(auth instanceof AnonymousAuthenticationToken)) {
UserDetails userDetail = (UserDetails) auth.getPrincipal();
System.out.println(userDetail);
model.addObject("username", userDetail.getUsername());
}
model.setViewName("403");
return model;
}
}
WebConfig.java
@EnableAutoConfiguration
@EnableWebMvc
@ComponentScan(basePackages = {"org.myakasha.crm","org.myakasha.crm.controller","org.myakasha.crm.model"})
public class WebConfig extends WebMvcConfigurerAdapter{
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
}
/**
* This function to replace servlet-content.xml
* Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory
**/
@Bean
public InternalResourceViewResolver getInternalResourceViewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver .setPrefix("/WEB-INF/views/");
viewResolver .setSuffix(".jsp");
return viewResolver ;
}
@Bean
public MessageSource messageSource() {
ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
messageSource.setBasenames("classpath:message");
messageSource.setUseCodeAsDefaultMessage(true);
messageSource.setDefaultEncoding("UTF-8");
return messageSource;
}
}
PersistenceConfig.java
@Configuration
@EnableTransactionManagement
@PropertySource({ "classpath:persistence-mysql.properties" })
@ComponentScan({ "org.myakasha.crm" })
public class PersistenceConfig {
@Autowired
private Environment env;
public PersistenceConfig() {
super();
}
@Bean
public LocalSessionFactoryBean sessionFactory() {
final LocalSessionFactoryBean sessionFactory = new LocalSessionFactoryBean();
sessionFactory.setDataSource(restDataSource());
sessionFactory.setPackagesToScan(new String[] { "org.myakasha.crm.model" });
sessionFactory.setHibernateProperties(hibernateProperties());
return sessionFactory;
}
@Bean
public DataSource restDataSource() {
final BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName(Preconditions.checkNotNull(env.getProperty("jdbc.driverClassName")));
dataSource.setUrl(Preconditions.checkNotNull(env.getProperty("jdbc.url")));
dataSource.setUsername(Preconditions.checkNotNull(env.getProperty("jdbc.user")));
dataSource.setPassword(Preconditions.checkNotNull(env.getProperty("jdbc.pass")));
return dataSource;
}
@Bean
@Autowired
public HibernateTransactionManager transactionManager(final SessionFactory sessionFactory) {
final HibernateTransactionManager txManager = new HibernateTransactionManager();
txManager.setSessionFactory(sessionFactory);
return txManager;
}
@Bean
public PersistenceExceptionTranslationPostProcessor exceptionTranslation() {
return new PersistenceExceptionTranslationPostProcessor();
}
final Properties hibernateProperties() {
final Properties hibernateProperties = new Properties();
hibernateProperties.setProperty("hibernate.hbm2ddl.auto", env.getProperty("hibernate.hbm2ddl.auto"));
hibernateProperties.setProperty("hibernate.dialect", env.getProperty("hibernate.dialect"));
hibernateProperties.setProperty("hibernate.show_sql", "true");
// hibernateProperties.setProperty("hibernate.format_sql", "true");
// hibernateProperties.setProperty("hibernate.globally_quoted_identifiers", "true");
return hibernateProperties;
}
}
共有2个答案
程皓轩
似乎您已经启用了CSRF。您可以检查是否以表单形式传递CSRF令牌吗?如果没有,请将以下行添加到您的表单中。
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
严宏旷
尝试将login-processing-url添加到SecurityConfig
在XML中,它看起来像这样
<form-login
login-page="/login"
<!-- for <form method="post" action="/login-process"> -->
login-processing-url="/login_process"
default-target-url="/home"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
类似资料:
-
我试图用Spring security实现一个简单的登录页面。无论我做什么,当提交表单输入时,我总是得到一个错误< code > Error 405 Request method ' POST ' supported 。相关文件:< br> SecurityConfig.java: SecurityWebApplicationInitializer.java: 我的控制器的一部分: 绒球.xml:
-
我正在编写一个控制器来处理来自AJAX的帖子。我一直收到一个错误,那篇文章不受支持。我以前在尝试创建后控制器方法时从未遇到过以下错误,我希望有人能发现我在哪里搞砸了。 这是我为控制控制器中的帖子而编写的方法: 使用JQuery 1.10,这是请求它的Ajax调用: 我知道POST地址是正确的,因为将它转换成GET请求就可以了。此外,我还编写了其他POST请求,它们在同一个控制器类中也能正常工作。任
-
login.jsp 用户列表.jsp AppController.java 有2页:login.jsp-起始页,其中包括与登录和密码填充的形式-userlist.jsp结果列表“显示数据库中所有用户持久化”..首先显示登录页面,当我单击提交按钮时,我得到了这个错误:org . spring framework . web . servlet . pagenotfound-不支持请求方法“POST”
-
我试图在这里输入代码`@RequestMapping(value=“/test”,method=RequestMethod.POST),但错误代码为 网状物xml是 springmvc.xmlindex.jsp I input submit botton brower为错误HTTP Status 405-请求方法'GET'不受支持类型状态报告消息请求方法'GET'不受支持描述指定的HTTP方法不允
-
如何解决这个问题?
-
属性: 这是一个简单的mvc控制器类,我在其中发布请求以在资源/静态文件夹中获取index.html页面。每当我从rest客户端或html表单发送发布请求时,我都会收到错误-“不支持请求方法'POST'”。当我将“请求方法”更改为“请求方法”时。POST”改为“请求方法”。GET”它可以正常工作。