405 - 请求方法 'POST' 不支持 Spring MVC + Spring 安全
405 - Request method 'POST' not supported Spring MVC + Spring Security
抱歉,我看到了很多关于这个主题的问题,但没有人能帮助我。
当我在登录表单中输入正确的登录数据时,一切正常。当我在登录表单中输入不正确的登录数据时,重定向到 'loginProcessingUrl()' 是 '/sign-in-handler' 但我在控制器 POST-endpoint 中没有用于 /sign-in-handler 映射,因为这端点必须由 spring 安全处理。但是我有405。
这是我的代码:
SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private DataSource dataSource;
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl persistentTokenRepository = new JdbcTokenRepositoryImpl();
persistentTokenRepository.setDataSource(dataSource);
return persistentTokenRepository;
}
@Bean
public PasswordEncoder getPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(getPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/my-profile", "/edit", "/edit/**", "/remove").hasAnyAuthority(Constants.USER)
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/sign-in")
.loginProcessingUrl("/sign-in-handler")
.usernameParameter("uid")
.passwordParameter("password")
.defaultSuccessUrl("/my-profile")
.failureForwardUrl("/sign-in-failed")
.and()
.logout()
.logoutUrl("/sign-out")
.logoutSuccessUrl("/welcome")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.and()
.rememberMe()
.rememberMeParameter("remember-me")
.key("resume-online-key")
.tokenRepository(persistentTokenRepository());
}
}
符号-in.jsp
<form action='<spring:url value="/sign-in-handler"/>' method="post">
<c:if test="${sessionScope.SPRING_SECURITY_LAST_EXCEPTION != null}">
<div class="alert alert-danger" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message }
<c:remove var="SPRING_SECURITY_LAST_EXCEPTION" scope="session" />
</div>
</c:if>
<div class="help-block">Вы можете использовать Ваши UID или Email или Phone в качестве логина</div>
<div class="form-group">
<label for="uid">Логин</label> <input id="uid" name="uid" class="form-control" placeholder="UID или Email или Phone" required autofocus>
</div>
<div class="form-group">
<label for="password">Пароль</label> <input id="password" type="password" name="password" class="form-control" placeholder="Password" required>
</div>
<div class="form-group">
<label><input type="checkbox" name="remember-me" value="true"> Запомнить меня</label>
</div>
<button type="submit" class="btn btn-success">Войти</button>
</form>
ViewLoginController.java
@Controller
public class ViewLoginController {
@GetMapping("sign-in")
public String signIn() {
return "sign-in";
}
@GetMapping("/sign-in-failed")
public String signInFailed(HttpSession httpSession){
if(httpSession.getAttribute("SPRING_SECURITY_LAST_EXCEPTION") == null){
return "redirect:/sign-in";
}
return "sign-in";
}
}
但是我有 - https://prnt.sc/s79zwz
我试过:在 jsp spring:url、c:url、${pageContext.request.contextPath} 上更改 url,只是 '/',daoAuthenticationProvider...
感谢帮助
我认为您可以使用 failureUrl,而不是 failureForwardUrl,例如:
and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login/authenticate")
.failureUrl("/login?param.error=bad_credentials")
两者之间的区别在于failureForwardUrl 可以执行服务器端转发(例如,您观察到的POST到您的端点)而failureUrl 使用平台默认的重定向策略,会导致浏览器重定向(HTTP 302)。文档真的很模糊,至少对我来说造成了很多混乱。
抱歉,我看到了很多关于这个主题的问题,但没有人能帮助我。 当我在登录表单中输入正确的登录数据时,一切正常。当我在登录表单中输入不正确的登录数据时,重定向到 'loginProcessingUrl()' 是 '/sign-in-handler' 但我在控制器 POST-endpoint 中没有用于 /sign-in-handler 映射,因为这端点必须由 spring 安全处理。但是我有405。 这是我的代码:
SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private DataSource dataSource;
@Bean
public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl persistentTokenRepository = new JdbcTokenRepositoryImpl();
persistentTokenRepository.setDataSource(dataSource);
return persistentTokenRepository;
}
@Bean
public PasswordEncoder getPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(getPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/my-profile", "/edit", "/edit/**", "/remove").hasAnyAuthority(Constants.USER)
.anyRequest().permitAll()
.and()
.formLogin()
.loginPage("/sign-in")
.loginProcessingUrl("/sign-in-handler")
.usernameParameter("uid")
.passwordParameter("password")
.defaultSuccessUrl("/my-profile")
.failureForwardUrl("/sign-in-failed")
.and()
.logout()
.logoutUrl("/sign-out")
.logoutSuccessUrl("/welcome")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.and()
.rememberMe()
.rememberMeParameter("remember-me")
.key("resume-online-key")
.tokenRepository(persistentTokenRepository());
}
}
符号-in.jsp
<form action='<spring:url value="/sign-in-handler"/>' method="post">
<c:if test="${sessionScope.SPRING_SECURITY_LAST_EXCEPTION != null}">
<div class="alert alert-danger" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message }
<c:remove var="SPRING_SECURITY_LAST_EXCEPTION" scope="session" />
</div>
</c:if>
<div class="help-block">Вы можете использовать Ваши UID или Email или Phone в качестве логина</div>
<div class="form-group">
<label for="uid">Логин</label> <input id="uid" name="uid" class="form-control" placeholder="UID или Email или Phone" required autofocus>
</div>
<div class="form-group">
<label for="password">Пароль</label> <input id="password" type="password" name="password" class="form-control" placeholder="Password" required>
</div>
<div class="form-group">
<label><input type="checkbox" name="remember-me" value="true"> Запомнить меня</label>
</div>
<button type="submit" class="btn btn-success">Войти</button>
</form>
ViewLoginController.java
@Controller
public class ViewLoginController {
@GetMapping("sign-in")
public String signIn() {
return "sign-in";
}
@GetMapping("/sign-in-failed")
public String signInFailed(HttpSession httpSession){
if(httpSession.getAttribute("SPRING_SECURITY_LAST_EXCEPTION") == null){
return "redirect:/sign-in";
}
return "sign-in";
}
}
但是我有 - https://prnt.sc/s79zwz 我试过:在 jsp spring:url、c:url、${pageContext.request.contextPath} 上更改 url,只是 '/',daoAuthenticationProvider... 感谢帮助
我认为您可以使用 failureUrl,而不是 failureForwardUrl,例如:
and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login/authenticate")
.failureUrl("/login?param.error=bad_credentials")
两者之间的区别在于failureForwardUrl 可以执行服务器端转发(例如,您观察到的POST到您的端点)而failureUrl 使用平台默认的重定向策略,会导致浏览器重定向(HTTP 302)。文档真的很模糊,至少对我来说造成了很多混乱。