Java 使用Spring Security在Spring MVC中提交Ajax表单-405错误_Java_Spring_Spring Mvc_Spring Security_Ajax Forms

Java 使用Spring Security在Spring MVC中提交Ajax表单-405错误

java spring spring-mvc spring-security

Java 使用Spring Security在Spring MVC中提交Ajax表单-405错误,java,spring,spring-mvc,spring-security,ajax-forms,Java,Spring,Spring Mvc,Spring Security,Ajax Forms,步骤1：在Spring中，Mvc使用ajax提交表单，效果很好步骤2：将相同的SpringMVC项目与SpringSecurity集成（在SpringMVC中没有ajax表单提交）也可以很好地工作但是现在，当尝试集成相同的（step2项目）SpringMVC+SpringSecurity并引入ajax表单SubmitforSpringMVC表单时，浏览器上出现了错误405 405:不允许使用方法，不支持请求方法“POST” **General** Request URL:htt

步骤1：在Spring中，Mvc使用ajax提交表单，效果很好

步骤2：将相同的SpringMVC项目与SpringSecurity集成（在SpringMVC中没有ajax表单提交）也可以很好地工作

但是现在，当尝试集成相同的（step2项目）SpringMVC+SpringSecurity并引入ajax表单SubmitforSpringMVC表单时，浏览器上出现了错误405

405:不允许使用方法，不支持请求方法“POST”

   **General**
    Request URL:http://localhost:8080/Springmvc-ajax-security/submitForm.web
    Request Method:POST
    Status Code:405 Method Not Allowed
    Remote Address:[::1]:8080

**Response header**
Allow:GET
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:1085
Content-Type:text/html
Date:Sat, 26 Mar 2016 12:12:00 GMT
Expires:0
Pragma:no-cache
Server:Apache-Coyote/1.1
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block



**Request header**
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:117
Content-Type:application/json; charset=UTF-8
Cookie:JSESSIONID=019622188DB97DEF5F2D1AE716032C41
Host:localhost:8080
Origin:http://localhost:8080
Referer:http://localhost:8080/Springmvc-ajax-security/helloWorld.web
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
X-Requested-With:XMLHttpRequest

**Request payload**
{"studentName":"Noorus","studentBranch":"CS","studentDept":"computer","_csrf":"b68fbffe-d7a0-40eb-9edc-74d0f6408556"}

StudentController.java

@RequestMapping(value="/submitForm.web", method = RequestMethod.POST)
    public @ResponseBody Student  submittedFromData(@RequestBody Student student, HttpServletRequest request) { 
        return student;
    }

student.jsp

    <body>

    <form:form id="submitForm" action="submitForm.web" method="post"
        commandName="student">

    <fieldset style="width: 300px;">
        <legend>Student details</legend>
        <ol>
            <li><label for=studentName>Student Name</label> <form:input
                    path="studentName" name="studentName" type="text"
                    placeholder="First and last name" /></li>
            <li>
                <p>
                    <label for=studentBranch>Student Branch</label>
                    <form:input path="studentBranch" name="studentBranch" type="text" />
                </p>
            </li>
            <li>
                <p>
                    <label for=studentDept>Student Department</label>
                    <form:input path="studentDept" name="studentDept" type="text"
                        required="true" />
                </p>
            </li>
        </ol>
    </fieldset>

    <fieldset style="width: 300px;">
        <input id="submitId" type="submit" value="Submit Form">
    </fieldset>
</form:form>
</body>

<!-- <script type="text/javascript" src="resources/js/submit.js"></script> -->
<script type="text/javascript">
$(document).ready(function() {

    alert("welcome to js page");
    $('#submitForm').submit(function(e) {
        var frm = $('#submitForm');
        e.preventDefault();

        var data = {}
        var Form = this;

        //Gather Data also remove undefined keys(buttons)
        $.each(this, function(i, v){
            var input = $(v);
            data[input.attr("name")] = input.val();
            delete data["undefined"];
        });
        $.ajax({
            contentType : 'application/json; charset=utf-8',
            type: frm.attr('method'),
            url: frm.attr('action'),
            dataType : 'json',
            data : JSON.stringify(data),
            success : function(callback){
                alert("Response: Name: "+callback.studentName+"  Branch: "+callback.studentBranch+"  Department: "+callback.studentDept);
                $(this).html("Success!");
            },
            error : function(){
                $(this).html("Error!");
            }
        });
    });
});

</script>

提前感谢

@RequestMapping（value=“/submitForm.web”，method=RequestMethod.GET）

你是说

method=RequestMethod.POST

我遇到了一个类似的问题，我在使用带有Spring安全性的Ajax时，禁用csrf对我的安全配置有效

   @Configuration
   public class SecurityConfiguration extends WebSecurityConfigurerAdapter   {

   @Override
   protected void configure(HttpSecurity httpSecurity) throws Exception {
   httpSecurity.csrf().disable();

   }
}

您的有效负载正在发送_csrf，这与您的对象中的额外数据类似。{“studentName”：“Noorus”，“studentBranch”：“CS”，“studentDept”：“computer”，“_csrf”：“b68fbffe-d7a0-40eb-9edc-74d0f6408556””

但是，如果您看到模型类，它没有_csrf字段。这可能是请求正在查找精确匹配方法，但找不到的原因，因此显示405。

您是否在spring security中启用了csrf检查？我认为它在版本4+中默认启用。如果是这样，您也应该传递令牌。@Jovin Thariyath使用spring 4.2.5，令牌可以在请求的Payloads中看到。当时我在示例代码中只看到了

RequestMethod.GET

，这也会给出帖子的错误。然而，由于gaurab声明（并随后更改了代码0），这并不是导致问题的唯一问题。

   @Configuration
   public class SecurityConfiguration extends WebSecurityConfigurerAdapter   {

   @Override
   protected void configure(HttpSecurity httpSecurity) throws Exception {
   httpSecurity.csrf().disable();

   }
}