Spring Mvc控制器 - 删除的问题 [英] Spring Mvc Controller - problem with delete
问题描述
我在一个j2ee项目(pojo层,Dao层(hibernate),服务层(spring),视图(spring mvc))工作
i有一个表的文章后,我想添加一个链接
< c: if test =$ {!empty articles}>
< table>
< tr>
< th>文章ID< / th>
< th>文章名称< / th>
< th>文章说明< / th>
< th>已添加日期< / th>
< th>操作< / th>
< / tr>
< c:forEach items =$ {articles}var =article>
< tr>
< td>< c:out value =$ {article.articleId}/>< / td>
< td>< c:out value =$ {article.articleName}/>< / td>
< td>< c:out value =$ {article.articleDesc}/>< / td>
< td>< c:out value =$ {article.addedDate}/>< / td>
< td>< a href =articles / $ {article.articleId}> delete< / a>< / td>
< / tr>
< / c:forEach>
< / table>
@RequestMapping(value =/ articles / {articleId},method = RequestMethod.POST)
public String deleteContact(@PathVariable(articleId)
Integer articleId){
articleService.removeArticle(articleId);
returnredirect:/articles.html;
}
这是servcice层
@Transactional(propagation = Propagation.REQUIRED,readOnly = false)
public void removeArticle(Integer id){
articleDao.removeArticle(id);
}
这是Dao层(我试图找到文章, )
public void removeArticle(Integer id){
//获取文章
文章article = (Article)sessionFactory.getCurrentSession()。load(
Article.class,id);
if(null!= article){
sessionFactory.getCurrentSession()。delete(article);
}
}
但是当我运行项目和我点击删除链接,我有一个404错误
Etat HTTP 404 - / Spring3Hibernate / articles / 1
描述请求的资源(/ Spring3Hibernate / articles / 1)不可用
有人可以帮助我吗?
td>< a href =articles / $ {article.articleId}> delete< / a>< / td>
这是标准的GET请求,但是你的控制器映射到POST。
@RequestMapping(value =/ articles / {articleId},method = RequestMethod.POST)
此外,它看起来像非常大的安全问题。我可以写非常简单的10行程序,它将调用使用get或post请求从/ articles / 1到/ articles / {任何数字},并删除您的整个数据。我建议只是在设计这样的应用程序时考虑到。
i working in a j2ee project (pojo layer, Dao layer(hibernate), Service Layer(spring), View(spring mvc)) i have a table of articles after each row i want to add a link to remove it.
this is my view
<c:if test="${!empty articles}">
<table>
<tr>
<th>Article ID</th>
<th>Article Name</th>
<th>Article Desc</th>
<th>Added Date</th>
<th>operation</th>
</tr>
<c:forEach items="${articles}" var="article">
<tr>
<td><c:out value="${article.articleId}"/></td>
<td><c:out value="${article.articleName}"/></td>
<td><c:out value="${article.articleDesc}"/></td>
<td><c:out value="${article.addedDate}"/></td>
<td><a href="articles/${article.articleId}">delete</a></td>
</tr>
</c:forEach>
</table>
here is the controller to delete
@RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST)
public String deleteContact(@PathVariable("articleId")
Integer articleId) {
articleService.removeArticle(articleId);
return "redirect:/articles.html";
}
this is the servcice layer
@Transactional(propagation = Propagation.REQUIRED, readOnly = false)
public void removeArticle(Integer id) {
articleDao.removeArticle(id);
}
this is the Dao layer (i try to find the article then to remove it)
public void removeArticle(Integer id) {
//to get the article
Article article = (Article) sessionFactory.getCurrentSession().load(
Article.class, id);
if (null != article) {
sessionFactory.getCurrentSession().delete(article);
}
}
but when i run the project and i click the delete link, i have an 404 error Etat HTTP 404 - /Spring3Hibernate/articles/1 description The requested resource (/ Spring3Hibernate/articles/1) is not available
can somebody help me?
<td><a href="articles/${article.articleId}">delete</a></td>
This is standard GET request, but your controller is mapped to POST.
@RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST)
In addition, it looks like very big security issue. I can write very simple 10 lines program which will call using get or post request to from /articles/1 to /articles/{any number} and delete your entire data. I recommend just to take it into consideration while designing such applications.
这篇关于Spring Mvc控制器 - 删除的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!