我有一个使用Spring的安全REST API Spring应用程序。 问题是,一些POST功能有时会返回200 OK精细工作,然后开始给我“405不允许的方法”的反应。 这是很奇怪的,因为我做了摘要式身份验证后的第几个电话去精(200 OK),然后剩下的返回405。
下面是我的配置:
控制器
@Controller
@RequestMapping("/restapi")
public class RestApiController {
private final static Logger logger = LoggerFactory.getLogger(ProviderApiController.class);
private Settings settings;
@RequestMapping(value = "/postmethod", method = RequestMethod.POST, consumes = MediaType.ALL_VALUE)
@ResponseBody
public String postmethod() {
return "OK";
}
}
web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/application-context.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/web-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>10</session-timeout>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
<error-page>
<error-code>401</error-code>
<location>/error/401</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error/404</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error/500</location>
</error-page>
</web-app>
网络的context.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<mvc:annotation-driven/>
<context:annotation-config/>
<context:component-scan base-package="com.rest.ws"/>
<!-- Enabling @Secured annotation to control access to the endpoints -->
<security:global-method-security secured-annotations="enabled"/>
<bean id="logginAspect" class="com.rest.aspect.LoggingAspect"/>
<aop:aspectj-autoproxy proxy-target-class="true">
<aop:include name="logginAspect" />
</aop:aspectj-autoproxy>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/error/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
应用程序的context.xml
<context:component-scan base-package="com.rest">
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<!-- Define entry point with no authentication -->
<security:http pattern="/restapi/secureFunc" security="none" />
<security:http entry-point-ref="digestEntryPoint">
<security:custom-filter ref="digestFilter" before="BASIC_AUTH_FILTER"/>
<security:http-basic />
<!-- Restricts anonymous access to all the pages -->
<security:intercept-url pattern="/restapi/**" access="ROLE_PROVIDER_TMPL" />
</security:http>
<security:authentication-manager>
<security:authentication-provider ref="daoAuthenticationProvider"/>
</security:authentication-manager>
这个问题第一次出现时,我加入了自定义/error页面,并在DispatcherServlet的改变url-pattern的web.xml从/*到/ 。
对于错误页面控制器:
@Controller
@RequestMapping("/error")
public class CustomErrorMappingController {
@RequestMapping(value = "/404", method = RequestMethod.GET)
public String pageNotFound(HttpServletRequest request, HttpServletResponse response, Model model) {
/*
* you can use the model,request and response object to customize the response
*/
return "pageNotFoundError";
}
@RequestMapping(value = "/500", method = RequestMethod.GET)
public String internalServerError(HttpServletRequest request, HttpServletResponse response, Model model) {
return "internalServerError";
}
@RequestMapping(value = "/401", method = RequestMethod.GET)
public String unauthorized(HttpServletRequest request, HttpServletResponse response, Model model) {
logger.debug("--- 401 Unauthorized");
return "unauthorizedError";
}
@RequestMapping(value = "/unauthorizedError.jsp", method = RequestMethod.GET)
public String unauthorizedError() {
return "Unauthorized error custom.";
}
}
错误页面是在名为internalServerError.jsp等目录/ JSP的错误。
任何建议都非常欢迎。
