405不允许用于POST的方法 [英] 405 Method Not Allowed for POST
问题描述
我有一个非常简单的spring boot应用程序,该应用程序受以下代码保护:
I have a very simple spring boot application, which is secured by the following code:
http.authorizeRequests()
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
.and()
.formLogin().loginPage("/login").failureUrl("/login?error")
.usernameParameter("username").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/login?logout")
.and()
.exceptionHandling().accessDeniedPage("/403");
这个想法是为了保护管理员"部分.它公开了REST API. 问题是所有POSTS返回
the idea is to secure "admin" portion. It exposes a REST API. The problem is all the POSTS returns
不允许使用405方法
405 Method Not Allowed
如果我从应用程序中删除了安全启动器,它将起作用.这使我相信安全配置是问题所在.但是我不知道如何.
If I remove the security starter from the application, it works. This makes me believe that the security configuration is the problem. But I cannot find out how.
推荐答案
这应该很容易.
如果启用CSRF,则不允许进行POST和PUT请求,并且默认情况下,spring boot会启用这些请求.
POSTs and PUT requests would not be allowed if CSRF is enabled,and spring boot enables those by default.
只需将其添加到您的配置代码中即可:
Just add this to your configuration code :
.csrf().disable()
即:
http.
.csrf().disable().
authorizeRequests()
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
.and()
.formLogin().loginPage("/login").failureUrl("/login?error")
.usernameParameter("username").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/login?logout")
.and()
.exceptionHandling().accessDeniedPage("/403");
如果需要启用CSRF,请参考文档:
Refer docs ,if you need to enable CSRF :
http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#csrf-configure
这篇关于405不允许用于POST的方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!