Spring-mvc with spring security getting HTTP Status 405 - Request method 'POST' not supported
Question
If at first submit button is clicked, session is not existing then it routed to login.jsp page and flow goes fine but the problem is happening if suppose first logged in with any other permission that the submit-button cannot be routed to the desired page, and after logging in now clicked to submit-button, so in this case this should route to "authentication-failure-url="/loginFailure.web" or access denied something but it throws HTTP Status 405 - Request method 'POST' not supported
Also, In response header, can see Allow:GET why its allowing only Get here ?
In request an extra parameter being sent _csrf:e15bc9a6-66jh-4de4-b278-008e6f9a569c as such spring form add it by default, may be its causing issue ?
or please let me know any solution for this to fix it
Thanks in advance !!!!
@RequestMapping(value = "/searchCriteria.web", method = RequestMethod.POST, params = "searchButton")
public String getsearchCriteria(@ModelAttribute("rentalVO") RentalVO rental, Model model) {
List<Vehicle> vehicles;
try {
vehicles = rentalService.findVehiclesBetweenDates(rental.getStart(),rental.getEnd());
} catch (InvalidDateException e) {
model.addAttribute("message", "Booking cannot be preoceeded !! Invalid dates provided");
return "message";
}
model.addAttribute("vehicles", vehicles);
model.addAttribute("start",rental.getStart());
model.addAttribute("end",rental.getEnd());
return "bookVehicle";
}
login.jsp
<form name='loginForm'
action="<c:url value='/j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' /></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
</form>
spring-security.xml
<http use-expressions="true" auto-config="true">
<access-denied-handler error-page="/403" />
<intercept-url pattern="/categoryCriteria*"
access="hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_DB')" />
<intercept-url pattern="/searchAllCriteria*" access="hasAnyRole('ROLE_ADMIN')" />
<intercept-url pattern="/searchCriteria*"
access="hasAnyRole('ROLE_ADMIN','ROLE_DB')" />
<!-- <intercept-url pattern="/bookVehicle*"
access="hasAnyRole('ROLE_ADMIN','ROLE_DB')" /> -->
<form-login login-page="/login.web" default-target-url="/login.web"
authentication-failure-url="/loginFailure.web" username-parameter="j_username"
password-parameter="j_password" login-processing-url="/j_spring_security_check" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/index.web" />
<csrf/>
<!-- <csrf disabled="true"/> -->
</http>
index.jsp
<td><form:form action="searchCriteria.web" method="post"
commandName="rental">
<b> Check the Car availability as per your time frame (Admin Db access) </b>
<br>
<br>
Start date: <form:input path="start" id="datepickerStart" />
<br>
<br>
End date: <form:input path="end" id="datepickerEnd" />
<br>
<br>
<input type="submit" value="Available Car" name="searchButton" />
</form:form></td>
</tr>
1 answers
solution1
1 2018-03-11 07:50:28
我遇到了一个问题,在这里,“提交”按钮正在对后端进行POST调用,由于用户身份验证失败,并且由于Spring Security路由到了/loginFailure.web,而处理loginFailure.web url的方法是GET方法,最终得到405。因为它甚至没有达到预期的控制器方法/searchCriteria.web,在其自身之间,它被spring security拦截并路由到其他故障验证URL。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.