HTTP 405 Not Allowed - Spring Boot + Spring Security


I have a simple REST API that works with a database. It worked until I added the security part. Now it gives HTTP 405 Not Allowed on POST and DELETE requests. I have no idea why. GET requests work properly.

So here is the controller class:

    @Controller
    public class MarkerController {

        private Logger logger = Logger.getLogger(MarkerController.class.getName());

        @Autowired
        private MarkerServiceInterface markerService;

        @RequestMapping(value="/markers", method=RequestMethod.GET)
        public @ResponseBody List<Marker> getMarkers(@RequestParam(value="city", defaultValue="") String city) {
            logger.info("handle request");
            return this.markerService.getAllMarkers();
        }

        @RequestMapping(value="/markers/new", method=RequestMethod.POST)
        public @ResponseBody Marker addMarker(@RequestBody Marker marker) {
            logger.info("handle post request");
            this.markerService.addMarker(marker);
            return marker;
        }

        @RequestMapping(value="/markers/delete", method=RequestMethod.DELETE)
        public @ResponseBody String deleteMarker(@RequestParam(value="id", defaultValue="") String id) {
            logger.info("handle delete request");
            if (!id.equals("")) {
                logger.info(id);
                this.markerService.deleteMarker(Long.parseLong(id));
            }
            return "";
        }

        @RequestMapping(value="/admin/map")
        public String trafficSpy() {
            logger.info("handle map");
            return "index";
        }

        @RequestMapping(value="/admin")
        public String admin() {
            return "admin";
        }

        @RequestMapping(value="/login")
        public String login() {
            return "login";
        }
    }

This is the SecurityConfig:

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        @Qualifier("userDetailsService")
        UserDetailsService userDetailsService;

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(
                    passwordEncoder());
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                .antMatchers("/admin/**")
                .access("hasRole('ROLE_ADMIN')")
                .antMatchers("/markers/**")
                .access("hasRole('ROLE_USER')")
                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .usernameParameter("username")
                .passwordParameter("password")
                .and()
                .logout()
                .logoutSuccessUrl("/login?logout")
                .and()
                .csrf()
                .and()
                .exceptionHandling()
                .accessDeniedPage("/403");
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            PasswordEncoder encoder = new BCryptPasswordEncoder();
            return encoder;
        }

        @Bean
        public DaoAuthenticationProvider authProvider() {
            DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
            authProvider.setUserDetailsService(userDetailsService);
            authProvider.setPasswordEncoder(passwordEncoder());
            return authProvider;
        }
    }

The DELETE request is called with the following AJAX code:

    $.ajax({
        url: "localhost:8080/markers/delete?id=" + currentMarker.get("id"),
        type: 'DELETE',
        success: function(result) {
            console.log(result);
        }
    });

And here is the message given in the console:

    2015-05-11 15:48:13.671  WARN 8279 --- [nio-8181-exec-6] o.s.web.servlet.PageNotFound             : Request method 'DELETE' not supported

These are the headers of the response. You can see that in Allow I have GET, HEAD. If I'm right, this means the method in the controller accepts GET and HEAD requests.

    (Status-Line)               HTTP/1.1 405 Method Not Allowed
    Server                      Apache-Coyote/1.1
    X-Content-Type-Options      nosniff
    X-XSS-Protection            1; mode=block
    Cache-Control               no-cache, no-store, max-age=0, must-revalidate
    Pragma                      no-cache
    Expires                     0
    X-Frame-Options             DENY
    Allow                       GET, HEAD
    Content-Type                application/json;charset=UTF-8
    Transfer-Encoding           chunked
    Date                        Mon, 11 May 2015 17:35:31 GMT

In the response I have this exception:

    org.springframework.web.HttpRequestMethodNotSupportedException

Any idea what is causing this problem? How can I allow the POST and DELETE methods?

You forgot the CSRF token.

It's recommended to add the CSRF token in a meta tag. You can read about it in the Spring Security documentation.

With that you can do the following:

    $(function () {
      var token = $("meta[name='_csrf']").attr("content");
      var header = $("meta[name='_csrf_header']").attr("content");
      $(document).ajaxSend(function(e, xhr, options) {
        xhr.setRequestHeader(header, token);
      });
    });
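
An added example, not part of the original answer or of Spring Security: the handler above sets the header on every jQuery request, while this `fetch`-based variant attaches the token only to state-changing, same-origin requests so it is never sent to another origin. The meta tag names follow the answer; `csrfHeadersFor`, `csrfFetch`, the header name and the token value are hypothetical or constructed.

```javascript
// Added example. Token values below are constructed, not real tokens.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Resolve `url` against the page URL and check that it stays on the same origin.
function isSameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable target: treat as foreign and send no token
  }
}

// Extra headers for one request. `meta` is { header, token } as read from the
// _csrf_header and _csrf meta tags.
function csrfHeadersFor(method, url, pageUrl, meta) {
  const verb = String(method || "GET").toUpperCase();
  if (SAFE_METHODS.has(verb)) return {};      // not checked by the CSRF filter by default
  if (!isSameOrigin(url, pageUrl)) return {}; // never hand the token to another origin
  if (!meta || !meta.header || !meta.token) {
    throw new Error("CSRF meta tags missing; " + verb + " " + url + " would be rejected");
  }
  return { [meta.header]: meta.token };
}

// Browser-only wiring: read the meta tags and wrap fetch.
function readCsrfMeta(doc) {
  const get = (name) => {
    const el = doc.querySelector('meta[name="' + name + '"]');
    return el ? el.getAttribute("content") : null;
  };
  return { header: get("_csrf_header"), token: get("_csrf") };
}

function csrfFetch(url, options = {}) {
  const extra = csrfHeadersFor(options.method, url, window.location.href,
                               readCsrfMeta(document));
  return fetch(url, { ...options, credentials: "same-origin",
                      headers: { ...(options.headers || {}), ...extra } });
}

// Constructed sample: page URL from the question, assumed header name.
const samplePage = "http://localhost:8080/admin/map";
const sampleMeta = { header: "X-CSRF-TOKEN", token: "constructed-token-123" };
console.log(csrfHeadersFor("DELETE", "/markers/delete?id=7", samplePage, sampleMeta));
console.log(csrfHeadersFor("GET", "/markers", samplePage, sampleMeta));
console.log(csrfHeadersFor("POST", "https://other.example/collect", samplePage, sampleMeta));
```

In a page, `csrfFetch("/markers/delete?id=7", { method: "DELETE" })` takes the place of the `$.ajax` call from the question.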
