Java 使用Spring Security在Spring MVC中提交Ajax表单-405错误
步骤1:在Spring中,Mvc使用ajax提交表单,效果很好 步骤2:将相同的SpringMVC项目与SpringSecurity集成(在SpringMVC中没有ajax表单提交)也可以很好地工作 但是现在,当尝试集成相同的(step2项目)SpringMVC+SpringSecurity并引入ajax表单SubmitforSpringMVC表单时,浏览器上出现了错误405 405:不允许使用方法,不支持请求方法“POST”Java 使用Spring Security在Spring MVC中提交Ajax表单-405错误,java,spring,spring-mvc,spring-security,ajax-forms,Java,Spring,Spring Mvc,Spring Security,Ajax Forms,步骤1:在Spring中,Mvc使用ajax提交表单,效果很好 步骤2:将相同的SpringMVC项目与SpringSecurity集成(在SpringMVC中没有ajax表单提交)也可以很好地工作 但是现在,当尝试集成相同的(step2项目)SpringMVC+SpringSecurity并引入ajax表单SubmitforSpringMVC表单时,浏览器上出现了错误405 405:不允许使用方法,不支持请求方法“POST” **General** Request URL:htt
**General**
Request URL:http://localhost:8080/Springmvc-ajax-security/submitForm.web
Request Method:POST
Status Code:405 Method Not Allowed
Remote Address:[::1]:8080
**Response header**
Allow:GET
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:1085
Content-Type:text/html
Date:Sat, 26 Mar 2016 12:12:00 GMT
Expires:0
Pragma:no-cache
Server:Apache-Coyote/1.1
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block
**Request header**
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:117
Content-Type:application/json; charset=UTF-8
Cookie:JSESSIONID=019622188DB97DEF5F2D1AE716032C41
Host:localhost:8080
Origin:http://localhost:8080
Referer:http://localhost:8080/Springmvc-ajax-security/helloWorld.web
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
X-Requested-With:XMLHttpRequest
**Request payload**
{"studentName":"Noorus","studentBranch":"CS","studentDept":"computer","_csrf":"b68fbffe-d7a0-40eb-9edc-74d0f6408556"}
StudentController.java
@RequestMapping(value="/submitForm.web", method = RequestMethod.POST)
public @ResponseBody Student submittedFromData(@RequestBody Student student, HttpServletRequest request) {
return student;
}
student.jsp
<body>
<form:form id="submitForm" action="submitForm.web" method="post"
commandName="student">
<fieldset style="width: 300px;">
<legend>Student details</legend>
<ol>
<li><label for=studentName>Student Name</label> <form:input
path="studentName" name="studentName" type="text"
placeholder="First and last name" /></li>
<li>
<p>
<label for=studentBranch>Student Branch</label>
<form:input path="studentBranch" name="studentBranch" type="text" />
</p>
</li>
<li>
<p>
<label for=studentDept>Student Department</label>
<form:input path="studentDept" name="studentDept" type="text"
required="true" />
</p>
</li>
</ol>
</fieldset>
<fieldset style="width: 300px;">
<input id="submitId" type="submit" value="Submit Form">
</fieldset>
</form:form>
</body>
<!-- <script type="text/javascript" src="resources/js/submit.js"></script> -->
<script type="text/javascript">
$(document).ready(function() {
alert("welcome to js page");
$('#submitForm').submit(function(e) {
var frm = $('#submitForm');
e.preventDefault();
var data = {}
var Form = this;
//Gather Data also remove undefined keys(buttons)
$.each(this, function(i, v){
var input = $(v);
data[input.attr("name")] = input.val();
delete data["undefined"];
});
$.ajax({
contentType : 'application/json; charset=utf-8',
type: frm.attr('method'),
url: frm.attr('action'),
dataType : 'json',
data : JSON.stringify(data),
success : function(callback){
alert("Response: Name: "+callback.studentName+" Branch: "+callback.studentBranch+" Department: "+callback.studentDept);
$(this).html("Success!");
},
error : function(){
$(this).html("Error!");
}
});
});
});
</script>
提前感谢@RequestMapping(value=“/submitForm.web”,method=RequestMethod.GET)
你是说
method=RequestMethod.POST
我遇到了一个类似的问题,我在使用带有Spring安全性的Ajax时,禁用csrf对我的安全配置有效
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
}
}
您的有效负载正在发送_csrf,这与您的对象中的额外数据类似。{“studentName”:“Noorus”,“studentBranch”:“CS”,“studentDept”:“computer”,“_csrf”:“b68fbffe-d7a0-40eb-9edc-74d0f6408556””
但是,如果您看到模型类,它没有_csrf字段。这可能是请求正在查找精确匹配方法,但找不到的原因,因此显示405。您是否在spring security中启用了csrf检查?我认为它在版本4+中默认启用。如果是这样,您也应该传递令牌。@Jovin Thariyath使用spring 4.2.5,令牌可以在请求的Payloads中看到。当时我在示例代码中只看到了
RequestMethod.GET
,这也会给出帖子的错误。然而,由于gaurab声明(并随后更改了代码0),这并不是导致问题的唯一问题。
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
}
}