郵遞員一直告訴我405 Method Not Allowed
我的 Udemy 課堂講師做到了這一點,并且奏效了。
@PostMapping(consumes = "application/json")
@ResponseStatus(HttpStatus.CREATED)
public Employee create(@RequestBody Employee employee) {
return employeeRepository.save(employee);
}
整個班級如下
package com.example.pma.projectmanagement.api.controllers;
import com.example.pma.projectmanagement.dao.EmployeeRepository;
import com.example.pma.projectmanagement.entities.Employee;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@RestController
@RequestMapping("/app-api/employees")
public class EmployeeApiController {
@Autowired
EmployeeRepository employeeRepository;
@GetMapping
public Iterable<Employee> getEmployees() {
return employeeRepository.findAll();
}
@GetMapping("/{id}")
public Employee getEmployeeById(@PathVariable("id") Long id) {
return employeeRepository.findById(id).get();
}
@PostMapping(consumes = "application/json")
@ResponseStatus(HttpStatus.CREATED)
public Employee create(@RequestBody Employee employee) {
return employeeRepository.save(employee);
}
@PutMapping(path = "/{id}", consumes = "application/json")
@ResponseStatus(HttpStatus.OK)
public Employee update(@RequestBody Employee employee) {
return employeeRepository.save(employee);
}
@PatchMapping(path="/{id}", consumes = "application/json")
@ResponseStatus(HttpStatus.OK)
public Employee partialUpdate(@PathVariable("id") long id, @RequestBody Employee patchEmployee) {
Employee e = employeeRepository.findById(id).get();
if(patchEmployee.getEmail() != null) {
e.setEmail(patchEmployee.getEmail());
}
if(patchEmployee.getFirstName() != null) {
e.setFirstName(patchEmployee.getFirstName());
}
if(patchEmployee.getLastName() != null) {
e.setLastName(patchEmployee.getLastName());
}
return employeeRepository.save(e);
}
}
我可以 GET 但我不能 POST、PUT 或 PATCH
更新:我正在使用 Spring Security,在 Thymeleaf 中,我必須添加
<input type="hidden" th:value="${_csrf.token}" name="_csrf" />
我的 JSON 正文中是否需要其他任何內容來執行 csrf?
我啟用了除錯并獲得了日志檔案
2022-02-04 00:09:43.972 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /app-api/employees/ at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2022-02-04 00:09:43.972 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /app-api/employees/ at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2022-02-04 00:09:43.972 DEBUG 29544 --- [http-nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2022-02-04 00:09:43.972 DEBUG 29544 --- [http-nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6638e8dc. A new one will be created.
2022-02-04 00:09:43.972 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /app-api/employees/ at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2022-02-04 00:09:43.972 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /app-api/employees/ at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
2022-02-04 00:09:43.972 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for http://localhost:8080/app-api/employees/
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@4bb07a96
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@6638e8dc. A new one will be created.
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 4 of 14 in additional filter chain; firing Filter: 'CsrfFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/logout'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/login'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 8 of 14 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@ae239419: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: CAC31DD8567E461C97442AC1C889DAD0; Granted Authorities: ROLE_ANONYMOUS'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/projects/new'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/projects/save'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/employees/new'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/employees/save'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/error' matched by universal pattern '/**'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /error; Attributes: [permitAll]
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@ae239419: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: CAC31DD8567E461C97442AC1C889DAD0; Granted Authorities: ROLE_ANONYMOUS
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7031aa78, returned: 1
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.security.web.FilterChainProxy : /error reached end of additional filter chain; proceeding with original chain
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/projects/new'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/projects/save'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/employees/new'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/employees/save'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/'
2022-02-04 00:09:43.973 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Request '/error' matched by universal pattern '/**'
2022-02-04 00:09:43.974 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7031aa78, returned: 1
2022-02-04 00:09:43.974 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for POST "/error", parameters={}
2022-02-04 00:09:43.974 DEBUG 29544 --- [http-nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2022-02-04 00:09:43.974 WARN 29544 --- [http-nio-8080-exec-7] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported]
2022-02-04 00:09:43.974 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 405
2022-02-04 00:09:43.974 DEBUG 29544 --- [http-nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2022-02-04 00:09:43.974 DEBUG 29544 --- [http-nio-8080-exec-7] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
在我的 SecurityConfiguration 檔案中,如果我添加這個,POSTMAN 可以作業。
http.csrf().disable();
但我覺得我不應該禁用安全性來測驗。部署后,我會洗掉該行
這是我的整個檔案
package com.example.pma.projectmanagement.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import javax.sql.DataSource;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
BCryptPasswordEncoder bCryptPasswordEncoder;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("SELECT USERNAME, PASSWORD, ENABLED FROM USER_ACCOUNTS WHERE USERNAME = ?")
.authoritiesByUsernameQuery("SELECT USERNAME, ROLE FROM USER_ACCOUNTS WHERE USERNAME = ?")
.dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/projects/new").hasRole("ADMIN")
.antMatchers("/projects/save").hasRole("ADMIN")
.antMatchers("/employees/new").hasAuthority("ADMIN")
.antMatchers("/employees/save").hasAuthority("ADMIN")
.antMatchers("/", "/**").permitAll()
.and()
.formLogin();
http.csrf().disable(); // added this line to get POSTMAN to work
http.headers().frameOptions().disable();
}
}
uj5u.com熱心網友回復:
從您的 URL 中洗掉 /12。由于 PostMapping 注釋中沒有值,它將使用控制器的 RequestMapping 值。您得到 405 的原因是因為該 URI 只有一個 GetMapping。
uj5u.com熱心網友回復:
啟用 csrf 后(假設您可以在禁用 csrf 時使用 postman 發布),您必須在 postman 帖子中包含 csrf 值。您可以從具有
<input type="hidden" th:value="${_csrf.token}" name="_csrf" />
你上面提到的。
uj5u.com熱心網友回復:
在您的郵遞員中...您是否在 url 欄位的左側創建了“發布”方法...?
那必須解決它。
轉載請註明出處,本文鏈接:https://www.uj5u.com/qiye/426784.html
下一篇:發布請求不會回傳適當的資料