[問題] spring security 問題

作者: swallowcc (guest)   2015-05-14 10:59:14
大家好,目前有個狀況是
只要一開 spring security, post method 就會進不去...
以下是設定檔跟程式片段
Test.java
...
@RequestMapping(value = { "/test" }, method = RequestMethod.POST)
public void testPost() {
System.out.println("post");
}
@RequestMapping(value = { "/test" }, method = RequestMethod.GET)
public void testGet(HttpServletRequest req) {
System.out.println("get");
}
...
spring-security.xml
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/test" access="permitAll" />
...
</http>
web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
result
同時做了/test的post跟get method, 結果只有出現get...
2015-05-14 WARN PageNotFound:198 - Request method 'POST' not supported
get
...
想請問一下這樣是否有辦法看出哪邊設定出錯?
(如果spring-security.xml的permitAll改成denyAll的話,get會被擋住,
所以設定上應該沒問題才是?)
或者是說有其他的方式可以不要檢查 /test post method?
感謝 <(_ _)>
作者: swallowcc (guest)   2015-05-14 14:46:00
解開了orz 另外開一個 <http /> 就好...<http pattern="/test*" security="none"/>
作者: yyc1217 (somo)   2015-05-14 18:53:00
如果是最新版的話 csrf防護預設是開的 POST要附_csrfhttp://goo.gl/xjDXHKsecurity="none"就沒意義了建議把security的log level調到debug 會看得更清楚~
作者: swallowcc (guest)   2015-05-14 21:52:00
感謝,我研究看看 ^^>

Links booklink

Contact Us: admin [ a t ] ucptt.com