[英]Ajax form Submit in Spring MVC with Spring Security - 405 Error
Step1: In Spring Mvc submitting the form using ajax,worked fine. 步骤1:在Spring Mvc中,使用Ajax提交表单,效果很好。
Step2: Integrating same spring MVC project with spring security(without ajax form submit in spring mvc) also worked fine. 步骤2:将相同的Spring MVC项目与spring安全性集成在一起(在spring mvc中不使用ajax表单提交)也可以正常工作。
But now when tried to integrate same (step2 project) spring MVC + Spring security and also introducing ajax form submit for spring mvc form end up with the error 405 on the browser 但是现在当试图集成相同的(step2项目)spring MVC + Spring安全性并且还为Spring mvc表单引入ajax表单提交时,最终在浏览器上出现错误405
405: method not allowed, Request method 'POST' not supported 405:方法不被允许,请求方法“ POST”不被支持
**General**
Request URL:http://localhost:8080/Springmvc-ajax-security/submitForm.web
Request Method:POST
Status Code:405 Method Not Allowed
Remote Address:[::1]:8080
**Response header**
Allow:GET
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:1085
Content-Type:text/html
Date:Sat, 26 Mar 2016 12:12:00 GMT
Expires:0
Pragma:no-cache
Server:Apache-Coyote/1.1
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
**Request header**
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:117
Content-Type:application/json; charset=UTF-8
Cookie:JSESSIONID=019622188DB97DEF5F2D1AE716032C41
Host:localhost:8080
Origin:http://localhost:8080
Referer:http://localhost:8080/Springmvc-ajax-security/helloWorld.web
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
X-Requested-With:XMLHttpRequest
**Request payload**
{"studentName":"Noorus","studentBranch":"CS","studentDept":"computer","_csrf":"b68fbffe-d7a0-40eb-9edc-74d0f6408556"}
StudentController.java StudentController.java
@RequestMapping(value="/submitForm.web", method = RequestMethod.POST)
public @ResponseBody Student submittedFromData(@RequestBody Student student, HttpServletRequest request) {
return student;
}
student.jsp student.jsp
<body>
<form:form id="submitForm" action="submitForm.web" method="post"
commandName="student">
<fieldset style="width: 300px;">
<legend>Student details</legend>
<ol>
<li><label for=studentName>Student Name</label> <form:input
path="studentName" name="studentName" type="text"
placeholder="First and last name" /></li>
<li>
<p>
<label for=studentBranch>Student Branch</label>
<form:input path="studentBranch" name="studentBranch" type="text" />
</p>
</li>
<li>
<p>
<label for=studentDept>Student Department</label>
<form:input path="studentDept" name="studentDept" type="text"
required="true" />
</p>
</li>
</ol>
</fieldset>
<fieldset style="width: 300px;">
<input id="submitId" type="submit" value="Submit Form">
</fieldset>
</form:form>
</body>
<!-- <script type="text/javascript" src="resources/js/submit.js"></script> -->
<script type="text/javascript">
$(document).ready(function() {
alert("welcome to js page");
$('#submitForm').submit(function(e) {
var frm = $('#submitForm');
e.preventDefault();
var data = {}
var Form = this;
//Gather Data also remove undefined keys(buttons)
$.each(this, function(i, v){
var input = $(v);
data[input.attr("name")] = input.val();
delete data["undefined"];
});
$.ajax({
contentType : 'application/json; charset=utf-8',
type: frm.attr('method'),
url: frm.attr('action'),
dataType : 'json',
data : JSON.stringify(data),
success : function(callback){
alert("Response: Name: "+callback.studentName+" Branch: "+callback.studentBranch+" Department: "+callback.studentDept);
$(this).html("Success!");
},
error : function(){
$(this).html("Error!");
}
});
});
});
</script>
Student.java 学生.java
@Entity
@Table(name="student")
public class Student implements Serializable{
private static final long serialVersionUID = 1L;
@Id
@GeneratedValue(strategy=GenerationType.AUTO)
@Column(name="studentId")
Long studentId;
@Column(name="studentName")
String studentName;
@Column(name="studentDept")
String studentDept;
@Column(name="studentBranch")
String studentBranch;
public Student() {
super();
}
getter & setter
}
Thanks in advance 提前致谢
I had a similar issue, where I was using Ajax with Spring Security and in my case disabling the csrf worked for my security configuration. 我有一个类似的问题,我在Spring Security中使用Ajax,并且在我的情况下,禁用csrf用于我的安全配置。
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
}
}
your payload is sending _csrf which is like extra data in your object.{"studentName":"Noorus","studentBranch":"CS","studentDept":"computer", "_csrf":"b68fbffe-d7a0-40eb-9edc-74d0f6408556" } 您的有效负载正在发送_csrf,就像对象中的额外数据一样。{“ studentName”:“ Noorus”,“ studentBranch”:“ CS”,“ studentDept”:“计算机”, “ _csrf”:“ b68fbffe-d7a0-40eb- 9edc-74d0f6408556“ }
But if you see your model class it does not have _csrf field. 但是,如果您看到模型类,则它没有_csrf字段。 it could be the reason where request is looking for exact match method and it is not finding so it is showing 405. 这可能是请求正在寻找精确匹配方法而没有找到的原因,因此显示405。
@RequestMapping(value="/submitForm.web", method = RequestMethod.GET)
你不是说method = RequestMethod.POST
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.