AJAX POST results in 405 (method not allowed) - Spring MVC

I am trying to make an ajax call to my Spring controller / action using the POST method and return the object from the server using @ResponseBody. The strange situation is that it stopped working after I added the Spring Security layer; everything worked fine before that. I will try to explain my actions to solve the problem, and then show you the code / captures, etc.

1. After some research, I found several answers suggesting that the problem may be related to the CSRF mechanism, so I disabled it and still have the problem. (spring-security.xml below)

2. I checked the wire capture to check the request / response. My ajax request is fine, my controller declaration is fine, but I don't understand why the 405 response indicates Allow: GET (snapshot below)

3. I tried to access the action of my controller through a browser (i.e., make a GET request), and I get an error message Status HTTP 405 - The request method "GET" is not supported!

4. I tried to change RequestMapping (method ...) to RequestMethod.GET, and the request goes to the controller and works fine, but I don’t want it to work with the GET method, I want a POST request.

5. Changed RequestMapping (consumes, produces, headers) to accept all kinds of data, but still 405 ...

It drives me crazy! I am posting my files below, so you can check it guys, any advice would be appreciated. Thank you (IMPORTANT NOTE: this is my configuration of despair)

spring-security.xml

<beans:beans 
     xmlns...(all needed declarations)>

<http pattern="/js/**" security="none" />
<http pattern="/css/**" security="none" />

<!-- enable use-expressions -->
<http auto-config="true" >
    <access-denied-handler error-page="/403" />
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/login" access="isAnonymous()" />
    <intercept-url pattern="/403" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

    <form-login  login-page="/login"
                 username-parameter="email"
                 password-parameter="password"
                 authentication-failure-url="/login?failed" />

    <!--
    <csrf/>
    -->
</http>

 ..... (authentication)  

AdminController.java

@Controller
@RequestMapping("/admin**")
public class AdminController {

    ... (all my autowired beans)

    @RequestMapping(
        value = "/events/loadEvents",
        method = RequestMethod.POST,
        consumes = MediaType.ALL_VALUE,
        produces = MediaType.ALL_VALUE,
        headers = "Accept=*/*")
    @ResponseBody
    public Event loadEvents(@RequestParam("parentId") long parentId) {
        ... (my logic)
        return event;
    }
}

Request (wire capture): [image: HTTP request] (the link is blurred because I used a simplified one in my question)

Response (wire capture): [image]

EDIT: jQuery ajax call code

$.ajax({
    type: 'POST',
    cache: false,
    url: '/admin/events/loadEvents',
    data: { parentId: 1 },
    dataType: 'json',
    contentType: 'application/json',

    ...
});
+4
2 answers

After many hours of research and testing, I finally got it, and it was a (very very) stupid situation. So in my question I said

so I disabled it (csrf on spring-security.xml) and still the problem.

No, I did not turn it off. I tried to disable its execution

<!--
<csrf/>
-->

But I have to do:

<csrf disabled="true"/>

csrf csrf, csrf ! , , , , csrf, , , . Spring

. 405 POST AJAX CSRF ENABLED, . csrf JS :

<script type="text/javascript">
    var csrfParameter = '${_csrf.parameterName}';
    var csrfToken = '${_csrf.token}';
</script>

ajax :

var jsonParams = {};
jsonParams['parentId'] = 1;
jsonParams[csrfParameter] = csrfToken;
$.ajax({
    type: 'POST',
    cache: false,
    url: '/admin/events/loadEvents',
    data: jsonParams,
    dataType: 'json',
    contentType: 'application/json',

    ...
});


+8

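$.ajaxSetup({
    dataType: "json",
    // Runs before every jQuery ajax request and adds the CSRF header.
    beforeSend: function(xhr, settings){
        // $.cookie() is provided by the jquery.cookie plugin, not by jQuery core.
        var csrftoken = $.cookie('CSRF-TOKEN');
        xhr.setRequestHeader("X-CSRF-TOKEN", csrftoken);
    },
});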
-1
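
An added example, not part of either answer above: Spring Security's CSRF filter also accepts the token in a request header, and by default it only requires a token for methods other than GET, HEAD, TRACE and OPTIONS, so the token can be attached in one place and limited to same-origin, state-changing requests. The helper names (needsCsrfToken, withCsrfHeader) are hypothetical, and the wiring assumes the page renders `<meta name="_csrf" content="${_csrf.token}"/>` and `<meta name="_csrf_header" content="${_csrf.headerName}"/>`.

```javascript
// Added example: attach the CSRF token as a header, only where it is needed.
// Methods Spring Security's default CSRF matcher lets through without a token.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'TRACE', 'OPTIONS']);

// True when the request changes state AND targets the page's own origin.
// Cross-origin requests never get the token, so it is not leaked to third parties.
function needsCsrfToken(method, url, pageOrigin) {
  if (SAFE_METHODS.has(String(method || 'GET').toUpperCase())) return false;
  let target;
  try {
    target = new URL(url, pageOrigin); // resolves relative and //host URLs
  } catch (e) {
    return false; // unparseable URL: do not attach the token
  }
  return target.origin === new URL(pageOrigin).origin;
}

// Returns a copy of `headers` with the CSRF header added when required.
function withCsrfHeader(headers, method, url, pageOrigin, csrf) {
  const out = Object.assign({}, headers);
  if (csrf && csrf.token && needsCsrfToken(method, url, pageOrigin)) {
    out[csrf.headerName || 'X-CSRF-TOKEN'] = csrf.token;
  }
  return out;
}

// Browser wiring (skipped outside a page with jQuery loaded).
if (typeof document !== 'undefined' && typeof $ !== 'undefined') {
  const meta = function (name) {
    const el = document.querySelector('meta[name="' + name + '"]');
    return el ? el.getAttribute('content') : '';
  };
  // Assumed meta tag names: _csrf and _csrf_header (see lead-in).
  const csrf = { token: meta('_csrf'), headerName: meta('_csrf_header') };
  $(document).ajaxSend(function (event, xhr, settings) {
    const extra = withCsrfHeader({}, settings.type, settings.url,
                                 window.location.origin, csrf);
    Object.keys(extra).forEach(function (name) {
      xhr.setRequestHeader(name, extra[name]);
    });
  });
}
```

With this in place the token does not have to be mixed into each call's `data`, and the POST to /admin/events/loadEvents carries it regardless of the request's content type.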

Source: https://habr.com/ru/post/1619755/

