DELETE操作返回错误:发生意外错误(类型=禁止,状态= 403)。禁止的

时间:2019-07-18 11:33:40

标签: java spring-boot spring-security spring-data-jpa thymeleaf

我正在做一个 spring-boot 项目,该项目包括百里香 spring-security 。当我执行-显示产品列表,显示产品详细信息,添加新产品,更新现有产品时,效果很好。

但是当我执行-删除产品时,会出现以下错误:

  

白标错误页面

     

此应用程序没有针对/ error的显式映射,因此您将其视为备用。

     

BDT 2019年7月18日16:59:16

     

发生了意外错误(类型为禁止,状态为403)。

     

禁止

这是我的代码:

product_list.html

try {
    context.AddRange(users); // List<User>, has property List<Contact>
    context.SaveChanges(); // throws exception on unique index
} catch (Exception ex) {
    context.RemoveRange(users); // this throws exception "The property 'UserID' on entity type 'Contact' has a temporary value"
    throw;
}

ProductController.java

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
    <head>
        <title>Product List</title>
        <link rel="stylesheet" th:href="@{/css/bootstrap.css}">
    </head>
    <body>
        <div class="container">
            <h1>Product List</h1>
            <hr>
            <a class="btn btn-success" th:href="@{/products/add}">Create New Product</a>
            <hr>
            <table class="table">
                <thead>
                    <tr>
                        <th>Product ID</th>
                        <th>Name</th>
                        <th>Brand</th>
                        <th>Made In</th>
                        <th>Price</th>
                        <th>Actions</th>
                    </tr>
                </thead>
                <tbody>
                    <tr th:each="theProduct:${theProducts}">
                        <td th:text="${theProduct.id}">Product ID</td>
                        <td th:text="${theProduct.name}">Name</td>
                        <td th:text="${theProduct.brand}">Brand</td>
                        <td th:text="${theProduct.madein}">Made In</td>
                        <td th:text="${theProduct.price}">Price</td>
                        <td>
                            <a class="btn btn-info" th:href="@{'/products/show/' + ${theProduct.id}}">View</a>
                            <a class="btn btn-warning" th:href="@{'/products/edit/' + ${theProduct.id}}">Edit</a>
                            <a class="btn btn-danger" th:data-the-product-id="${theProduct.id}" data-toggle="modal" data-target="#deleteConfirmationModal">Delete</a>

                            <div class="modal fade" id="deleteConfirmationModal" tabindex="-1" role="dialog" aria-labelledby="deleteConfirmationModalLabel" aria-hidden="true">
                              <div class="modal-dialog" role="document">
                                <div class="modal-content">
                                  <div class="modal-header">
                                    <h5 class="modal-title" id="exampleModalLabel">Delete Confirmation</h5>
                                    <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                                      <span aria-hidden="true">&times;</span>
                                    </button>
                                  </div>
                                  <div class="modal-body">
                                    Are you sure you want to DELETE the Product.
                                    <br>
                                    <form id="deleteForm" action="#" th:method="DELETE">
                                        <button type="submit" class="btn btn-danger">Delete Employee</button>
                                    </form>
                                  </div>
                                  <div class="modal-footer">
                                    <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
                                  </div>
                                </div>
                              </div>
                            </div>

                        </td>
                    </tr>
                </tbody>
            </table>
        </div>
        <script th:src="@{/js/jquery-3.3.1.js}"></script>
        <script th:src="@{/js/popper.js}"></script>
        <script th:src="@{/js/bootstrap.js}"></script>
        <script>
        $('#deleteConfirmationModal').on('show.bs.modal', function (event) {
            var anchorLink = $(event.relatedTarget)
            var theProductId = anchorLink.data('theProductId')
            var modal = $(this)
            $("#deleteForm").attr("action", "/products/delete/" + theProductId)
        })
    </script>
    </body>
</html>

LoginController.java

package com.example.demo.controller;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;

import com.example.demo.dao.ProductRepository;
import com.example.demo.entity.Product;

@Controller
@RequestMapping("/products")
public class ProductController {

    @Autowired
    private ProductRepository productRepository;

    @GetMapping("/index")
    public String index(Model theModel) {
        List<Product> theProducts = productRepository.findAll();
        theModel.addAttribute("theProducts", theProducts);
        return "product/product_list";
    }

    @GetMapping("/add")
    public String add(Model theModel) {
        Product theProduct = new Product();
        theModel.addAttribute("theProduct", theProduct);
        return "product/product_add_form";
    }

    @GetMapping("/show/{productId}")
    public String show(@PathVariable int productId, Model theModel) {
        Product theProduct = productRepository.findById(productId).get();
        if(theProduct == null) {
            return null;
        }
        theModel.addAttribute("theProduct", theProduct);
        return "product/product_detail";
    }

    @PostMapping("/create")
    public String create(@ModelAttribute("theProduct") Product theProduct) {
        theProduct.setId(0);
        productRepository.save(theProduct);
        return "redirect:/products/index";
    }

    @GetMapping("/edit/{productId}")
    public String edit(@PathVariable(name="productId") int productId, Model theModel) {
        Product theProduct = productRepository.findById(productId).get();
        theModel.addAttribute("theProduct", theProduct);
        return "product/product_edit_form";
    }

    @PutMapping("/update")
    public String update(@ModelAttribute("theProduct") Product theProduct) {
        productRepository.save(theProduct);
        return "redirect:/products/index";
    }

    @DeleteMapping("/delete/{productId}")
    public String delete(@PathVariable int productId) {
        Product tempProduct = productRepository.findById(productId).get();
        if(tempProduct == null) {
            return null;
        }
        productRepository.deleteById(productId);
        return "redirect:/products/index";
    }
}

SecurityConfig.java

package com.example.demo.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class LoginController {

    @RequestMapping("/login")
    public String login() {
        return "login"; 
    }

    @GetMapping("/")
    public String home(Model theModel) {    
        return "redirect:/products/index";  
    }
}

3 个答案:

答案 0 :(得分:2)

尝试在配置中禁用csrf令牌:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/css/**")
                .permitAll()
                .antMatchers("/js/**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/authenticateTheUser")
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .and().csrf().disable();
    }

答案 1 :(得分:1)

很幸运,您在每个循环的百里香叶内都添加了“模态”,因此请根据我的代码来编辑html...。

 <form id="deleteForm" th:action="${'/products/delete/' + theProductId}" th:method="DELETE">
         <button type="submit" class="btn btn-danger">Delete Employee</button>
 </form>

这是经过测试的代码...可以正常工作..
您只是错过了“ th:action”,因为它不能像百里香叶一样起作用。因此百里香叶不会提供隐藏的“ _csrf”字段;

答案 2 :(得分:0)

我想问题是您错过了th:href作为删除按钮。