不支持彈簧安全請求方法'POST'

Question

狀態爲405並且身份驗證也不起作用的頁面不起作用。

從春天啓動錯誤日誌

osweb.servlet.PageNotFound：請求方法 'POST' 不支持

從jsp頁面錯誤：

白標錯誤頁面

此應用程序沒有顯式映射/錯誤，因此您將此視爲後備。

有一個意外的錯誤（type = Method Not Allowed，status = 405）。 請求方法 'POST' 不支持

春的信息：
- 以Spring Security 3.2.5
- 使用Spring引導應用啓動服務器。
- Spring的Java-Config中

代碼：

SecurityConfig.java

@EnableAutoConfiguration 
@ComponentScan(basePackages = { "org.myakasha.crm","org.myakasha.crm.controller","org.myakasha.crm.model"}) 
@EnableWebSecurity 

public class SecurityConfig extends WebSecurityConfigurerAdapter{ 

@Autowired 
DataSource dataSource; 

@Autowired 
public void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception { 

    auth.jdbcAuthentication().dataSource(dataSource) 
     .usersByUsernameQuery("select username,password, enabled from users where username=?") 
     .authoritiesByUsernameQuery("select username, role from user_roles where username=?"); 
} 

@Override 
public void configure(WebSecurity web) throws Exception { 
    web.ignoring().antMatchers("/resources/**"); 
} 


@Override 
protected void configure(HttpSecurity http) throws Exception { 

    http.authorizeRequests() 
     .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')") 
     .and() 
      .formLogin().loginPage("/login").failureUrl("/login?error").usernameParameter("username").passwordParameter("password") 
     .and() 
      .logout().logoutSuccessUrl("/login?logout") 
     .and() 
      .exceptionHandling().accessDeniedPage("/403") 
     .and() 
      .csrf(); 

    } 
} 

SecurityController.java

@Controller 
public class SecurityController { 

@RequestMapping(value = { "/welcome**" }, method = RequestMethod.GET) 
public ModelAndView defaultPage() { 

    ModelAndView model = new ModelAndView(); 
    model.addObject("title", "Spring Security + Hibernate Example"); 
    model.addObject("message", "This is default page!"); 
    model.setViewName("hello"); 
    return model; 

} 

@RequestMapping(value = "/admin**", method = RequestMethod.GET) 
public ModelAndView adminPage() { 

    ModelAndView model = new ModelAndView(); 
    model.addObject("title", "Spring Security + Hibernate Example"); 
    model.addObject("message", "This page is for ROLE_ADMIN only!"); 
    model.setViewName("admin"); 

    return model; 

} 

@RequestMapping(value = "/login", method = {RequestMethod.GET}) 
public ModelAndView login(@RequestParam(value = "error", required = false) String error, 
     @RequestParam(value = "logout", required = false) String logout, HttpServletRequest request) { 

    ModelAndView model = new ModelAndView(); 
    if (error != null) { 
     model.addObject("error", getErrorMessage(request, "SPRING_SECURITY_LAST_EXCEPTION")); 
    } 

    if (logout != null) { 
     model.addObject("msg", "You've been logged out successfully."); 
    } 
    model.setViewName("login"); 

    return model; 

} 

// customize the error message 
private String getErrorMessage(HttpServletRequest request, String key) { 

    Exception exception = (Exception) request.getSession().getAttribute(key); 

    String error = ""; 
    if (exception instanceof BadCredentialsException) { 
     error = "Invalid username and password!"; 
    } else if (exception instanceof LockedException) { 
     error = exception.getMessage(); 
    } else { 
     error = "Invalid username and password!"; 
    } 

    return error; 
} 

// for 403 access denied page 
@RequestMapping(value = "/403", method = RequestMethod.GET) 
public ModelAndView accesssDenied() { 

    ModelAndView model = new ModelAndView(); 

    // check if user is login 
    Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
    if (!(auth instanceof AnonymousAuthenticationToken)) { 
     UserDetails userDetail = (UserDetails) auth.getPrincipal(); 
     System.out.println(userDetail); 

     model.addObject("username", userDetail.getUsername()); 

    } 

    model.setViewName("403"); 
    return model; 

    } 
} 

WebConfig.java

@EnableAutoConfiguration 
@EnableWebMvc 
@ComponentScan(basePackages = {"org.myakasha.crm","org.myakasha.crm.controller","org.myakasha.crm.model"}) 
public class WebConfig extends WebMvcConfigurerAdapter{ 

@Override 
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) { 
    configurer.enable(); 
} 

@Override 
public void addResourceHandlers(ResourceHandlerRegistry registry) { 
    registry.addResourceHandler("/resources/**").addResourceLocations("/resources/"); 
} 


/** 
* This function to replace servlet-content.xml 
* Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory 
**/ 
@Bean 
public InternalResourceViewResolver getInternalResourceViewResolver() { 
    InternalResourceViewResolver viewResolver = new InternalResourceViewResolver(); 
    viewResolver .setPrefix("/WEB-INF/views/"); 
    viewResolver .setSuffix(".jsp"); 
    return viewResolver ; 
} 

@Bean 
public MessageSource messageSource() { 
    ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); 
    messageSource.setBasenames("classpath:message"); 
    messageSource.setUseCodeAsDefaultMessage(true); 
    messageSource.setDefaultEncoding("UTF-8"); 
    return messageSource; 
    } 
} 

PersistenceConfig.java

@Configuration 
@EnableTransactionManagement 
@PropertySource({ "classpath:persistence-mysql.properties" }) 
@ComponentScan({ "org.myakasha.crm" }) 
public class PersistenceConfig { 

@Autowired 
private Environment env; 

public PersistenceConfig() { 
    super(); 
} 

@Bean 
public LocalSessionFactoryBean sessionFactory() { 
    final LocalSessionFactoryBean sessionFactory = new LocalSessionFactoryBean(); 
    sessionFactory.setDataSource(restDataSource()); 
    sessionFactory.setPackagesToScan(new String[] { "org.myakasha.crm.model" }); 
    sessionFactory.setHibernateProperties(hibernateProperties()); 

    return sessionFactory; 
} 

@Bean 
public DataSource restDataSource() { 
    final BasicDataSource dataSource = new BasicDataSource(); 
    dataSource.setDriverClassName(Preconditions.checkNotNull(env.getProperty("jdbc.driverClassName"))); 
    dataSource.setUrl(Preconditions.checkNotNull(env.getProperty("jdbc.url"))); 
    dataSource.setUsername(Preconditions.checkNotNull(env.getProperty("jdbc.user"))); 
    dataSource.setPassword(Preconditions.checkNotNull(env.getProperty("jdbc.pass"))); 

    return dataSource; 
} 

@Bean 
@Autowired 
public HibernateTransactionManager transactionManager(final SessionFactory sessionFactory) { 
    final HibernateTransactionManager txManager = new HibernateTransactionManager(); 
    txManager.setSessionFactory(sessionFactory); 

    return txManager; 
} 

@Bean 
public PersistenceExceptionTranslationPostProcessor exceptionTranslation() { 
    return new PersistenceExceptionTranslationPostProcessor(); 
} 

final Properties hibernateProperties() { 
    final Properties hibernateProperties = new Properties(); 
    hibernateProperties.setProperty("hibernate.hbm2ddl.auto", env.getProperty("hibernate.hbm2ddl.auto")); 
    hibernateProperties.setProperty("hibernate.dialect", env.getProperty("hibernate.dialect")); 

    hibernateProperties.setProperty("hibernate.show_sql", "true"); 
    // hibernateProperties.setProperty("hibernate.format_sql", "true"); 
    // hibernateProperties.setProperty("hibernate.globally_quoted_identifiers", "true"); 

    return hibernateProperties; 
    } 
} 

Answer 1

嘗試登錄處理的URL添加到SecurityConfig

在XML它看起來像這樣

<form-login 
        login-page="/login" 

<!-- for <form method="post" action="/login-process"> --> 
        login-processing-url="/login_process" 

        default-target-url="/home" 
        authentication-failure-url="/login?error" 
        username-parameter="username" 
        password-parameter="password" /> 

Answer 2

它似乎是你已啓用CSRF。你能否檢查你是否在表單中傳遞CSRF令牌。如果不是，請將以下行添加到您的表單中。

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>