创建第一个SPRING REST API,出于某种原因,只有GET请求可以正常工作,其余所有 - POST,PUT,DELETE都没有。
@RestController
@RequestMapping(value = "/api/contacts")
public class ContactRESTController {
private ContactService contactService;
@Autowired
public ContactRESTController(ContactService contactService) {
this.contactService = contactService;
}
@RequestMapping(value = "/contact/{id}", method = RequestMethod.DELETE)
public void deleteContact(@PathVariable long id) {
Contact retrived = contactService.findOne(id);
if (retrived == null) { throw new ContactNotFoundException(id);}
contactService.delete(id);
}
拥有@RestController允许我省略@ResponseBody。使用@ResponseEntity尝试没有效果。认为这可能是一些安全问题,所以我已将此行添加到security.xml
<security:intercept-url method="DELETE" access="permitAll" pattern="/api/contacts/contact/*" />
当app加载时,我可以在控制台中看到这一行:
INFO - Mapped "{[/api/contacts/contact/{id}],methods=[DELETE]}" onto public void com.bugielmarek.timetable.controllers.ContactRESTController.deleteContact(long)
但是当我在POSTMAN中选择DELETE并转到
时http://localhost:8080/crudone/api/contacts/contact/9
我得到的只是
HTTP Status 405 - Request method 'DELETE' not supported
在标题中我可以阅读&#39;允许 - GET&#39;。
尝试使用&#39; Content-Type&#39;发布DELETE请求设置为&#39; text / html&#39;没有运气。
更新:
将hiddenHttpMethodFilter添加到web.xml没有任何帮助。
<filter>
<filter-name>hiddenHttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>hiddenHttpMethodFilter</filter-name>
<servlet-name>crudone</servlet-name>
</filter-mapping>
更新:
遵循DwB建议我打开了DEBUG级别并观察了控制台输出。我发现的是:
DEBUG - /api/contacts/contact/10 at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
DEBUG - Invalid CSRF token found for http://localhost:8080/crudone/api/contacts/contact/10
DEBUG - DispatcherServlet with name 'crudone' processing DELETE request for [/crudone/denied]
DEBUG - Looking up handler method for path /denied '
这表明它毕竟是安全问题。任何帮助如何禁用REST的csrf将非常感激 - 因为我认为这是解决方案。