问题在于,当我点击提交时,我得到了
Etat HTTP 405 - Request method 'POST' not supported
这是控制器:
@RequestMapping(value = "/admin/login", method = RequestMethod.GET)
public ModelAndView login(
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
LOGGER.debug("admin login page");
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username and password!");
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
model.setViewName("/admin/index");
LOGGER.debug("returning admin login page");
return model;
}
形式:
<form class="m-t" role="form" th:action="@{/admin/login}" method="POST" autocomplete="off">
<div th:if="${param.error}" class="alert alert-danger">Invalid username and password.</div>
<div th:if="${param.logout}" class="alert alert-success">You have been logged out.</div>
<div class="form-group">
<input type="text" class="form-control" id="username" name="username" placeholder="Username" required="" />
</div>
<div class="form-group">
<input type="password" class="form-control" id="username" name="username" placeholder="Username" required="" />
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<button type="submit" class="btn btn-primary block full-width m-b">Login</button>
<a href="#"><small>Forgot password?</small></a>
<p class="text-muted text-center">
<small>Do not have an account?</small>
</p>
<a class="btn btn-sm btn-white btn-block" href="register.html">Create an account</a>
</form>
似乎csrf字段无效。
我解释一下,我有正常用户网站,我在这里引用,管理部分是/ admin
正确显示登录表单。但是当我点击提交时,我得到了Etat HTTP 405 - Request method 'POST' not supported
请问好吗?
这是我的安全配置类:
package com.mintad.spring.security;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* @author Sofiane HAMMAMI
*/
@Configuration
@EnableWebSecurity
@ComponentScan
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
@Qualifier("customUserDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.antMatchers("/admin/**").permitAll()
// .antMatchers("/admin/**").access("hasRole('ADMIN')")
.and().formLogin().loginPage("/login")
.defaultSuccessUrl("/welcome").usernameParameter("username").passwordParameter("password")
.and().exceptionHandling().accessDeniedPage("/404");
}
}
答案 0 :(得分:1)
您获得405的原因是,您尝试使用http post方法提交表单并使用http get方法定义结束点。
您需要将请求映射更改为方法POST,如:
@RequestMapping(value = "/admin/login", method = RequestMethod.POST)
或者你可以在你的形式中反过来(我不推荐),如:
<form class="m-t" role="form" th:action="@{/admin/login}" method="GET" autocomplete="off">
答案 1 :(得分:1)
在控制器中,您将表单定义为GET:
@RequestMapping(value = "/admin/login", method = RequestMethod.GET)
在表单中,您将其称为POST:
form class="m-t" role="form" th:action="@{/admin/login}" method="POST"
在控制器或表单中更改其中一个。
如果要在控制器处更改,请将现有行替换为:
@RequestMapping(value = "/admin/login", method = RequestMethod.POST)
或者您可以通过修改来自
等表单的来电来完成form class="m-t" role="form" th:action="@{/admin/login}" method="GET"
答案 2 :(得分:1)
将您的安全配置更改为使用...
.formLogin().loginPage("/admin/login")
作为登录页面:
{{1}}