我使用Spring-Security使用REST API的Spring应用程序。问题是一些POST函数有时可以通过返回200 OK然后开始给我“405 Method Not Allowed”响应来正常工作。这是非常奇怪的,因为在我进行摘要验证后,前几个调用正常(200 OK),然后其余的返回405.
这是我的配置:
控制器
@Controller
@RequestMapping("/restapi")
public class RestApiController {
private final static Logger logger = LoggerFactory.getLogger(ProviderApiController.class);
private Settings settings;
@RequestMapping(value = "/postmethod", method = RequestMethod.POST, consumes = MediaType.ALL_VALUE)
@ResponseBody
public String postmethod() {
return "OK";
}
}
的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/application-context.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/web-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>10</session-timeout>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
<error-page>
<error-code>401</error-code>
<location>/error/401</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error/404</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error/500</location>
</error-page>
</web-app>
网络-context.xml中
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<mvc:annotation-driven/>
<context:annotation-config/>
<context:component-scan base-package="com.rest.ws"/>
<!-- Enabling @Secured annotation to control access to the endpoints -->
<security:global-method-security secured-annotations="enabled"/>
<bean id="logginAspect" class="com.rest.aspect.LoggingAspect"/>
<aop:aspectj-autoproxy proxy-target-class="true">
<aop:include name="logginAspect" />
</aop:aspectj-autoproxy>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/error/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
应用context.xml中
<context:component-scan base-package="com.rest">
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<!-- Define entry point with no authentication -->
<security:http pattern="/restapi/secureFunc" security="none" />
<security:http entry-point-ref="digestEntryPoint">
<security:custom-filter ref="digestFilter" before="BASIC_AUTH_FILTER"/>
<security:http-basic />
<!-- Restricts anonymous access to all the pages -->
<security:intercept-url pattern="/restapi/**" access="ROLE_PROVIDER_TMPL" />
</security:http>
<security:authentication-manager>
<security:authentication-provider ref="daoAuthenticationProvider"/>
</security:authentication-manager>
当我添加自定义/error页面并将web.xml中的/*中的dispatcherServlet中的url-pattern从/更改为@Controller
@RequestMapping("/error")
public class CustomErrorMappingController {
@RequestMapping(value = "/404", method = RequestMethod.GET)
public String pageNotFound(HttpServletRequest request, HttpServletResponse response, Model model) {
/*
* you can use the model,request and response object to customize the response
*/
return "pageNotFoundError";
}
@RequestMapping(value = "/500", method = RequestMethod.GET)
public String internalServerError(HttpServletRequest request, HttpServletResponse response, Model model) {
return "internalServerError";
}
@RequestMapping(value = "/401", method = RequestMethod.GET)
public String unauthorized(HttpServletRequest request, HttpServletResponse response, Model model) {
logger.debug("--- 401 Unauthorized");
return "unauthorizedError";
}
@RequestMapping(value = "/unauthorizedError.jsp", method = RequestMethod.GET)
public String unauthorizedError() {
return "Unauthorized error custom.";
}
}
时,问题首次出现。
错误页面的控制器:
{{1}}
错误页面是名为internalServerError.jsp的目录/错误中的JSP,依此类推。
非常欢迎任何建议。
答案 0 :(得分:1)
我遇到了类似的问题,在提交表单或发送HTTP Post之前插入以下代码解决:
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
$(document).ajaxSend(function(e, xhr, options) {
xhr.setRequestHeader(header, token);
});