作者swallowcc (罹患重度能年病的燕叔)
看板java
标题[问题] spring security 问题
时间Thu May 14 10:59:14 2015
大家好,目前有个状况是
只要一开 spring security, post method 就会进不去...
以下是设定档跟程式片段
Test.java
...
@RequestMapping(value = { "/test" }, method = RequestMethod.POST)
public void testPost() {
System.out.println("post");
}
@RequestMapping(value = { "/test" }, method = RequestMethod.GET)
public void testGet(HttpServletRequest req) {
System.out.println("get");
}
...
spring-security.xml
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/test" access="permitAll" />
...
</http>
web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
result
同时做了/test的post跟get method, 结果只有出现get...
2015-05-14 WARN PageNotFound:198 - Request method 'POST' not supported
get
...
想请问一下这样是否有办法看出哪边设定出错?
(如果spring-security.xml的permitAll改成denyAll的话,get会被挡住,
所以设定上应该没问题才是?)
或者是说有其他的方式可以不要检查 /test post method?
感谢 <(_ _)>
--
※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 61.228.38.205
※ 文章网址: https://webptt.com/cn.aspx?n=bbs/java/M.1431572357.A.805.html
※ 编辑: swallowcc (61.228.38.205), 05/14/2015 11:08:42
1F:→ swallowcc: 解开了orz 另外开一个 <http /> 就好... 05/14 14:46
2F:→ swallowcc: <http pattern="/test*" security="none"/> 05/14 14:46
3F:→ yyc1217: 如果是最新版的话 csrf防护预设是开的 POST要附_csrf 05/14 18:53
5F:→ yyc1217: security="none"就没意义了 05/14 19:01
6F:→ yyc1217: 建议把security的log level调到debug 会看得更清楚~ 05/14 19:59
7F:→ swallowcc: 感谢,我研究看看 ^^> 05/14 21:52