发表新帖
发表新帖

Spring Security - 405 Request Method 'POST' Not Supported

前端 未结
关注
6 1423
执笔经年
执笔经年 2021-01-13 10:31

I have implemented Spring Security to my project, but I am getting status 405 when I try to log in. I have already added csrf token in the form.

相关标签:
6条回答
  • 北恋
    2021-01-13 11:02

    You are calling for a POST yet have only defined GET methods. Change your endpoint to RequestMethod.POST

    0 讨论(0)
  • 伪装坚强ぢ
    2021-01-13 11:04

    First of all csrf is enabled by default in Spring as of Spring 4.0 so there no need to explicitly enable it yourself.

    Secondly, there is no endpoint for you to authenticate your login. What you're doing is sending a request to /login which only takes a GET request. You could create another controller method to receive that POST request and authenticate or you could use a UserDetailsService.

    SecurityConfiguration

    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                    .antMatchers("/login-form")
                        .anonymous()
                    .and()
                .formLogin()
                    .loginPage("/user-login") 
                    .defaultSuccessUrl("/admin", true) // the second parameter is for enforcing this url always
                    .loginProcessingUrl("/login")
                    .failureUrl("/user-login")
                    .permitAll();
}

@Autowired 
private UserDetailsService userDetailsService;  

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    BCryptPasswordEncoder pe = new  BCryptPasswordEncoder();
    auth.userDetailsService(userDetailsService).passwordEncoder(pe);
}

    Here our view page is /user-login and the processing url is /login this means in your controller you need remove the mapping for /login and add the following:

    Controller

    @RequestMapping(value="/user-login", method=RequestMethod.GET)
public ModelAndView loginForm() {
    return new ModelAndView("login-form");
}

    And change your view.

    View (login-form.jsp)

    <c:url value="/login" var="loginUrl"/>
<form action="${loginUrl}" method="post" modelAttribute="user">
    Username: <input type="text" id="username" name="username" placeholder=""><br>
    Password: <input type="password" id="password" name="password" placeholder=""><br>

    <input type="hidden"
    name="${_csrf.parameterName}"
    value="${_csrf.token}"/>
    <button type="submit">Login</button>
</form>
    0 讨论(0)
  • 無奈伤痛
    2021-01-13 11:07

    If you are using JSP/JSTL

    Change

    <form action="${loginUrl}" method="post"></form>

    to

    <form:form action="${loginUrl}" method="post" </form:form>

    with tag declaration 

    <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>

    solve my problem

    0 讨论(0)
  • 逝去的感伤
    2021-01-13 11:12

    You can set two endpoints for one url. But you cannot set any request parameter as required. As I saw your request map for login, you can set your request method like this: 

    @RequestMapping(value = "/login", method = { RequestMethod.GET, RequestMethod.POST })
public ModelAndView loginPage() {
    return new ModelAndView("login");
}
    0 讨论(0)
  • 广开言路
    2021-01-13 11:20

    I started getting the same thing when I added a successForwardUrl and found that the response on sucessful login is a POST to that endpoint or to "/" if not set. Once I enabled POST on the defined endpoint as well as GET all was fine.

    0 讨论(0)
  • 暖寄归人
    2021-01-13 11:21

    Check your web.xml file you might forgot to keep "securityFilterChain"

    Use this code in web.xml file

    <!-- Security configuration goes here -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    0 讨论(0)
 看不清?
提交回复
热议问题