我在使用 Spring Security 登录时遇到问题。登录页面显示正常,但每当我想实际登录时,我都会收到以下错误:
Etat HTTP 405 - 不支持请求方法“POST”。
由于我使用的是Spring Security 4.0.1,请注意,表单操作中使用的/login引用了Spring Security的内置身份验证引擎。因此它与 Controller 中登录方法中的/login不同。
以下是相关文件:
login.jsp:
<body onload='document.loginForm.username.focus();'>
<h1>Spring Security Custom Login Form (Annotation)</h1>
<div id="login-box">
<h2>Login with Username and Password</h2>
<c:if test="${not empty error}">
<div class="error">${error}</div>
</c:if>
<c:if test="${not empty msg}">
<div class="msg">${msg}</div>
</c:if>
<form name='loginForm'
action="<c:url value='/login' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td colspan='2'>
<input name="submit" type="submit" value="submit" />
</td>
</tr>
</table>
<input type="hidden"
name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</div>
主 Controller :
@Controller
public class MainController {
private static final Logger logger = LoggerFactory.getLogger(MainController.class);
@RequestMapping(value = "/login", method=RequestMethod.GET)
public ModelAndView login(
@RequestParam(value="erreur",required = false) String erreur,
@RequestParam(value="logout",required = false) String logout) {
ModelAndView model = new ModelAndView();
if(erreur != null) {
model.addObject("erreur", "Identifiants incorrectes");
}
if(logout != null) {
model.addObject("msg","you have been logged out successfully");
}
return model;
}
@RequestMapping(value = "/admin**", method = RequestMethod.GET)
public String admin(Locale locale, Model model) {
logger.info("Bienvenue ! vous êtes en {}.", locale);
Date date = new Date();
DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);
String formattedDate = dateFormat.format(date);
model.addAttribute("serverTime", formattedDate );
return "admin";
}
@RequestMapping(value = "/403", method = RequestMethod.GET)
public ModelAndView accesssDenied() {
ModelAndView model = new ModelAndView();
//verifier si l'utilisateur est connecté
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
logger.info("Authentification:"+auth);
if (!(auth instanceof AnonymousAuthenticationToken)) {
UserDetails userDetail = (UserDetails) auth.getPrincipal();
model.addObject("username", userDetail.getUsername());
}
model.setViewName("403");
return model;
}
@RequestMapping(value = {"/","/index"}, method = RequestMethod.GET)
public String home(Locale locale, Model model) {
logger.info("Bienvenue ! vous êtes en {}.", locale);
Date date = new Date();
DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.LONG, DateFormat.LONG, locale);
String formattedDate = dateFormat.format(date);
model.addAttribute("serverTime", formattedDate );
return "index";
}
spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<access-denied-handler error-page="/403" />
<intercept-url pattern="/admin**" access="hasRole('admin')" />
<form-login
login-page="/login"
default-target-url="/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" invalidate-session="true"/>
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select login,pwd, enabled from utilisateur where login=?"
authorities-by-username-query=
"select login, role from role where login =?" />
</authentication-provider>
</authentication-manager>
</beans:beans>
最佳答案
您正在对服务进行 POST
调用,该调用公开为 GET
。
@RequestMapping(value = "/login", method=RequestMethod.GET)
<form name='loginForm'
action="<c:url value='/login' />" method='POST'>
这就是您收到此信息的原因。
关于xml - 使用 Spring Security 登录 : Request method 'POST' not supported,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29924161/