Spring Mvc Controller - problem with delete

i working in a j2ee project (pojo layer, Dao layer(hibernate), Service Layer(spring), View(spring mvc)) i have a table of articles after each row i want to add a link to remove it.

this is my view

<c:if test="${!empty articles}">
<table>
    <tr>
        <th>Article ID</th>
        <th>Article Name</th>
        <th>Article Desc</th>
        <th>Added Date</th>
        <th>operation</th>
    </tr>

    <c:forEach items="${articles}" var="article">
        <tr>
            <td><c:out value="${article.articleId}"/></td>
            <td><c:out value="${article.articleName}"/></td>
            <td><c:out value="${article.articleDesc}"/></td>
            <td><c:out value="${article.addedDate}"/></td>
            <td><a href="articles/${article.articleId}">delete</a></td>
        </tr>
    </c:forEach>
</table>

here is the controller to delete

@RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST)
public String deleteContact(@PathVariable("articleId")
Integer articleId) {

    articleService.removeArticle(articleId);

    return "redirect:/articles.html";
}

this is the servcice layer

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
public void removeArticle(Integer id) {
    articleDao.removeArticle(id);
}

this is the Dao layer (i try to find the article then to remove it)

    public void removeArticle(Integer id) {
            //to get the article
    Article article = (Article) sessionFactory.getCurrentSession().load(
            Article.class, id);
    if (null != article) {
        sessionFactory.getCurrentSession().delete(article);
    }

}

but when i run the project and i click the delete link, i have an 404 error Etat HTTP 404 - /Spring3Hibernate/articles/1 description The requested resource (/ Spring3Hibernate/articles/1) is not available

can somebody help me?

回答1:

 <td><a href="articles/${article.articleId}">delete</a></td>

This is standard GET request, but your controller is mapped to POST.

@RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST)

In addition, it looks like very big security issue. I can write very simple 10 lines program which will call using get or post request to from /articles/1 to /articles/{any number} and delete your entire data. I recommend just to take it into consideration while designing such applications.

回答2:

Try the request method to be DELETE. GET method is not advised for something that will change a value in the server/db. If you want to stick with post make it a form submit instead of a href

RequestMapping(value="/articles/{articleId}", method=RequestMethod.DELETE)