【问题标题】:405 Method Not Allowed for HTTP POST in Spring 3.1Spring 3.1 中的 HTTP POST 不允许使用 405 方法
【发布时间】:2014-03-29 16:50:14
【问题描述】:

我有使用 Spring-Security 的带有 REST API 的 Spring 应用程序。问题是某些 POST 函数有时会通过返回 200 OK 正常工作,然后开始给我“405 Method Not Allowed”响应。这很奇怪,因为在我进行摘要身份验证后,前几个调用正常(200 OK),然后其余的返回 405。

这是我的配置:

控制器

@Controller
@RequestMapping("/restapi")
public class RestApiController {

    private final static Logger logger = LoggerFactory.getLogger(ProviderApiController.class);

    private Settings settings;

    @RequestMapping(value = "/postmethod", method = RequestMethod.POST, consumes = MediaType.ALL_VALUE)
    @ResponseBody
    public String postmethod() {
        return "OK";
    }
}

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/application-context.xml</param-value>
    </context-param>
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <servlet>
        <servlet-name>dispatcherServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/web-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>dispatcherServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <session-config>
        <session-timeout>10</session-timeout>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>

    <error-page>
        <error-code>401</error-code>
        <location>/error/401</location>
    </error-page>

    <error-page>
        <error-code>404</error-code>
        <location>/error/404</location>
    </error-page>

    <error-page>
        <error-code>500</error-code>
        <location>/error/500</location>
    </error-page>
</web-app>

web-context.xml

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                           http://www.springframework.org/schema/aop  http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">

    <mvc:annotation-driven/>
    <context:annotation-config/>
    <context:component-scan base-package="com.rest.ws"/>

    <!-- Enabling @Secured annotation to control access to the endpoints -->
    <security:global-method-security secured-annotations="enabled"/>
    <bean id="logginAspect" class="com.rest.aspect.LoggingAspect"/>

    <aop:aspectj-autoproxy proxy-target-class="true">
        <aop:include name="logginAspect" />
    </aop:aspectj-autoproxy>

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/error/" />
        <property name="suffix" value=".jsp" />
    </bean>

</beans>

application-context.xml

<context:component-scan base-package="com.rest">
    <context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>

<!-- Define entry point with no authentication -->
<security:http pattern="/restapi/secureFunc" security="none" />

<security:http entry-point-ref="digestEntryPoint">
    <security:custom-filter ref="digestFilter" before="BASIC_AUTH_FILTER"/>
    <security:http-basic />
    <!-- Restricts anonymous access to all the pages -->
    <security:intercept-url pattern="/restapi/**" access="ROLE_PROVIDER_TMPL" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider ref="daoAuthenticationProvider"/>
</security:authentication-manager>

当我添加自定义/error 页面并将web.xml 中的dispatcherServlet 中的url-pattern 从/* 更改为/ 时,该问题首次出现。

错误页面的控制器:

@Controller
@RequestMapping("/error")
public class CustomErrorMappingController {

    @RequestMapping(value = "/404", method = RequestMethod.GET)
    public String pageNotFound(HttpServletRequest request, HttpServletResponse response, Model model) {
        /*
         * you can use the model,request and response object to customize the response
         */
        return "pageNotFoundError";
    }

    @RequestMapping(value = "/500", method = RequestMethod.GET)
    public String internalServerError(HttpServletRequest request, HttpServletResponse response, Model model) {
        return "internalServerError";
    }

    @RequestMapping(value = "/401", method = RequestMethod.GET)
    public String unauthorized(HttpServletRequest request, HttpServletResponse response, Model model) {
        logger.debug("--- 401 Unauthorized");
        return "unauthorizedError";
    }

    @RequestMapping(value = "/unauthorizedError.jsp", method = RequestMethod.GET)
    public String unauthorizedError() {
        return "Unauthorized error custom.";
    }

}

错误页面是目录 /error 中名为 internalServerError.jsp 等的 JSP。

非常欢迎任何建议。

【问题讨论】:

  • 为什么要将 web.xml 中 dispatcherServlet 中的 url-pattern 从 /* 更改为 /?如果出现错误页面,'/*' 是否不起作用?
  • @Braj 这确实是一个正确的问题。
  • 是的,我无法让错误页面与 url-pattern /* 一起使用。我已经为映射到/error/401等的错误页面创建了一个控制器……我将把代码添加到上面的帖子中。
  • 您的错误页面中有method = RequestMethod.GET。对于任何 POST 且有错误的请求,这不是问题吗?我想这就是问题所在。
  • 啊,现在有线索了。你之前没这么说。您需要确保容器中的默认 servlet 已注册。您是否在某处 WebMvcConfigurerAdapter.configureDefaultServletHandling() 到您的 servlet 配置(或 XML 中的 &lt;mvc:default-servlet-handler /&gt;)?

标签: java spring rest spring-security


【解决方案1】:

我也遇到过类似的问题,在你提交表单或发送 HTTP Post 之前插入以下代码来解决:

var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
$(document).ajaxSend(function(e, xhr, options) {
  xhr.setRequestHeader(header, token);
});

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2018-12-20
    • 2017-10-16
    • 2016-02-15
    • 2014-04-18
    • 2016-03-08
    • 2018-06-04
    • 2014-05-23
    • 2014-09-19
    相关资源
    最近更新 更多