1. 首頁
  2. 問答
  3. 錯誤405請求方法'POST'不支持Spring Security

錯誤405請求方法'POST'不支持Spring Security

2016-03-03 208 views
0

我想用Spring安全性實現一個簡單的登錄頁面。無論我做什麼,在提交表單輸入時總是會收到錯誤Error 405 Request method 'POST' not supported

相關文件:

SecurityConfig.java:錯誤405請求方法'POST'不支持Spring Security

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter 
{ 
    @Autowired 
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception 
    { 
     auth.inMemoryAuthentication().withUser("admin").password("abc123").roles("ADMIN"); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception 
    { 

     http.authorizeRequests() 
       .antMatchers("/", "/thank-you", "/faq", "/legal", "/policy").permitAll() 
       .antMatchers("/admin/**").access("hasRole('ADMIN')") 
       .and().formLogin().loginPage("/login") 
       .usernameParameter("ssoId").passwordParameter("password") 
       .and().csrf() 
       .and().exceptionHandling().accessDeniedPage("/"); 
    } 
}

SecurityWebApplicationInitializer.java:我控制器

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; 

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer 
{ 

}

部分:

@RequestMapping(value = "/login", method = RequestMethod.GET) 
public ModelAndView loginPage() 
{ 
    return new ModelAndView("WEB-INF/views/login"); 
}

的pom.xml:

<dependency> 
    <groupId>org.springframework.security</groupId> 
    <artifactId>spring-security-config</artifactId> 
    <version>4.0.4.RELEASE</version> 
</dependency> 

<dependency> 
    <groupId>org.springframework.security</groupId> 
    <artifactId>spring-security-web</artifactId> 
    <version>4.0.4.RELEASE</version> 
</dependency> 

<dependency> 
     <groupId>org.springframework</groupId> 
     <artifactId>spring-webmvc</artifactId> 
     <version>4.2.5.RELEASE</version> 
</dependency> 

<dependency> 
    <groupId>org.springframework.security</groupId> 
    <artifactId>spring-security-core</artifactId> 
    <version>4.0.4.RELEASE</version> 
</dependency> 

<dependency> 
    <groupId>org.springframework</groupId> 
    <artifactId>spring-context</artifactId> 
    <version>4.2.5.RELEASE</version> 
</dependency>

的login.jsp:

<form action="/login" method="post"> 
<div> 
    <label for="j_username">Username</label> <br> 
    <input type="text" class="form-control" id="j_username" name="ssoId" required /> 
</div> 
<div> 
    <label for="j_password">Password</label> <br> 
    <input type="password" class="form-control" id="j_password" name="password" required /> 
</div> 

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> 

<div class="form-actions"> 
    <input type="submit" value="Log in" /> 
</div>

我認爲這個問題是一個事實,即我的$(_ csrf.parameterName}和$ {_ csrf.token}檢查時,他們都是空的。如果您需要任何其他信息,我會很樂意提供。

來源

2016-03-03 peech

回答

0

所以,我已經想通了。我做了我的問題了如下修改代碼:

web.xml我不得不添加:

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

的login.jsp:

<form name='loginForm' action="/login" method='POST'> 
<div> 
    <label for="username">Username</label> <br> 
    <input type="text" class="form-control" id="username" name="username" required /> 
</div> 
<div> 
    <label for="password">Password</label> <br> 
    <input type="password" class="form-control" id="password" name="password" required /> 
</div> 

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> 

<div class="form-actions"> 
    <input type="submit" value="Log in" /> 
</div>

SecurityConfig.java:

@Override 
protected void configure(HttpSecurity http) throws Exception 
{ 
    http.authorizeRequests() 
      .antMatchers("/", "/login").permitAll() 
      .antMatchers("/admin/**").hasRole("ADMIN") 
      .and() 
      .formLogin().loginPage("/login") 
      .defaultSuccessUrl("/admin").failureUrl("/login") 
      .and() 
      .csrf(); 
}

希望它能幫助有類似需求的人。

來源

2016-03-04 11:08:04 peech

-1

登錄頁面沒有許可?

.antMatchers("/login").permitAll()

我給你一些例子的登錄頁面:

http 
    .authorizeRequests() 
    .antMatchers("/login").permitAll() 
    .antMatchers("/**").fullyAuthenticated() 
    .and() 
    .requiresChannel().anyRequest().requiresSecure().and() 
    .formLogin().loginPage("/login").defaultSuccessUrl("/main", true) 
    .failureUrl("/login.do?error") 
    .usernameParameter("username").passwordParameter("password")

來源

2016-03-03 09:31:32 FreezY

+0

感謝您的時間,但這仍然會產生完全相同的錯誤:/ – peech

+0

我得到了同樣的問題,但也不知道什麼已經解決:( 鏈接:http://stackoverflow.com/questions/ 34080594/http-405-method-not-allowed – FreezY

-1

你的表格操作指定

action="/login"

而且你的控制器

@RequestMapping(value = "/login", method = RequestMethod.GET)

我的猜測是,你的表格提交匹配到co ntroller方法,這就是爲什麼你會得到例外。

您可以嘗試在表單中更改提交網址,或者在authorizeRequests()方法中指定接受/登錄POST的方式。

來源

2016-03-03 10:52:39 Bob

+0

嘗試過 - 仍然是相同的錯誤.. – peech

+0

只要不是'RequestMethod.POST',您可以在控制器中擁有相同的URL。 – dkanejs

相關問題

 相關問題