Spring security 不支持post请求,报错:405错误
上网查看了很多相关问题的都说关闭csrf,但是关闭了还是报405错误Request method 'POST' not supported,后台也接收不到数据
有无帮忙解决一下,下面是配置文件
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 配置不过滤的资源(静态资源及登录相关) -->
<security:http security="none" pattern="/static/css/**" />
<security:http security="none" pattern="/static/img/**" />
<security:http security="none" pattern="/static/js/**" />
<security:http security="none" pattern="/login.html" />
<security:http security="none" pattern="/fail.html" />
<security:http auto-config="true" use-expressions="false">
<!-- 配置拦截路径及通行权限 -->
<security:intercept-url pattern="/**" access="ROLE_USER" />
<!--
login-page 自定义登陆页面
authentication-failure-url 用户权限校验失败跳转页面,如果数据库中没有这个用户则不会跳转到这个页面。
default-target-url 登陆成功跳转页面
注:登陆页面用户名固定 username,密码 password,action:login -->
<security:form-login login-page="/login.html"
login-processing-url="/login.do"
authentication-failure-url="/fail.html"
default-target-url="/index.html"/>
<!-- 登出,
invalidate-session 是否删除session
logout-url:登出处理链接
logout-success- url:登出成功页面 -->
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.html" />
<!-- 关闭 C S R F,跨服务器请求,默认是开启的,关闭 -->
<security:csrf disabled="true" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userService">
<!--用户密码未加密,添加{noop}-->
</security:authentication-provider>
</security:authentication-manager>
</beans>
login.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form th:action="@{/login.do}" method="post">
<input type="text" name="username"><br/>
<input type="password" name="password"><br/>
<input type="reset" value="重置">
<input type="submit" name="submit" value="login">
</form>
</body>
</html>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0">
<!-- <context-param>-->
<!-- <param-name>contextConfigLocation</param-name>-->
<!-- <param-value>classpath:spring-security.xml</param-value>-->
<!-- </context-param>-->
<!-- <listener>-->
<!-- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>-->
<!-- </listener>-->
<!-- 字符集过滤器 -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- security过滤器 -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 前端控制器:所有的请求都会经过此控制器,然后通过此控制器分发到各个分控制器,总控本质上还是一个Servlet,因为SpringMVC底层就是使用Servlet编写的 -->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- 创建前端控制器的时候读取springmvc配置文件启动ioc容器 -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</init-param>
<!-- Tomcat启动就创建此对象 -->
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<!-- / 匹配所有的请求;(不包括.jsp) -->
<!-- /* 匹配所有的请求;(包括.jsp) -->
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
<welcome-file>login.html</welcome-file>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
application.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd">
<!-- 加入Spring MVC的配置 -->
<import resource="classpath:spring-mvc.xml"/>
<!-- 加入Spring security的配置 -->
<import resource="classpath:spring-security.xml"/>
<!-- 开启注解扫描 -->
<context:component-scan base-package="cn.zgj"/>
<!-- 加载外部的数据库信息 -->
<context:property-placeholder location="classpath:db.properties"/>
<!-- 配置连接池 -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource">
<property name="driverClassName" value="${jdbc.driver}"/>
<property name="url" value="${jdbc.url}"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
<property name="filters" value="${filters}"/>
<!-- 最大并发连接数 -->
<property name="maxActive" value="${maxActive}"/>
<!-- 初始化连接数量 -->
<property name="initialSize" value="${initialSize}"/>
<!-- 配置获取连接等待超时的时间 -->
<property name="maxWait" value="${maxWait}"/>
<!-- 最小空闲连接数 -->
<property name="minIdle" value="${minIdle}"/>
<!-- 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 -->
<property name="timeBetweenEvictionRunsMillis" value="${timeBetweenEvictionRunsMillis}"/>
<!-- 配置一个连接在池中最小生存的时间,单位是毫秒 -->
<property name="minEvictableIdleTimeMillis" value="${minEvictableIdleTimeMillis}"/>
<!-- <property name = "validationQuery" value = "${validationQuery}" /> -->
<property name="testWhileIdle" value="${testWhileIdle}"/>
<property name="testOnBorrow" value="${testOnBorrow}"/>
<property name="testOnReturn" value="${testOnReturn}"/>
<property name="maxOpenPreparedStatements" value="${maxOpenPreparedStatements}"/>
<!-- 打开 removeAbandoned 功能 -->
<property name="removeAbandoned" value="${removeAbandoned}"/>
<!-- 1800 秒,也就是 30 分钟 -->
<property name="removeAbandonedTimeout" value="${removeAbandonedTimeout}"/>
<!-- 关闭 abandoned 连接时输出错误日志 -->
<property name="logAbandoned" value="${logAbandoned}"/>
</bean>
<!-- 配置SqlSessionFactory -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource"/>
<!--关联Mybatis-->
<property name="configLocation" value="classpath:mybatis-config.xml"/>
<property name="mapperLocations" value="classpath:mapper/*.xml"/>
</bean>
<!-- Mybatis整合 -->
<!-- Mapper 扫描器 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<!-- 扫描 cn.zgj.dao 包下的组件 -->
<property name="basePackage" value="cn.zgj.dao"/>
</bean>
<!-- 配置事务管理器 -->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
</beans>
请求方式换成get请求。
<form th:action="@{/login.do}" method="get">
这个和security没关系,是你controller层的方法定义的是get方式吧
现在springboot官方建议不再使用xml方式配置。
可以看下我的项目。springboot+security