Menu
I am trying to implement a simple login page with Spring security. Whatever I do, I always get an error Error 405 Request method 'POST' not supported when submitting form input.
Related files:
SecurityConfig.java:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication().withUser("admin").password("abc123").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests()
.antMatchers("/", "/thank-you", "/faq", "/legal", "/policy").permitAll()
.antMatchers("/admin/**").access("hasRole('ADMIN')")
.and().formLogin().loginPage("/login")
.usernameParameter("ssoId").passwordParameter("password")
.and().csrf()
.and().exceptionHandling().accessDeniedPage("/");
}
}
SecurityWebApplicationInitializer.java:
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer
{
}
part of my controller:
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView loginPage( )
{
return new ModelAndView("WEB-INF/views/login");
}
pom.xml:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.2.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.0.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.2.5.RELEASE</version>
</dependency>
login.jsp:
<form action="/login" method="post">
<div>
<label for="j_username">Username</label> <br>
<input type="text" class="form-control" id="j_username" name="ssoId" required />
</div>
<div>
<label for="j_password">Password</label> <br>
<input type="password" class="form-control" id="j_password" name="password" required />
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<div class="form-actions">
<input type="submit" value="Log in" />
</div>
I think the problem is with the fact that my $(_csrf.parameterName} and ${_csrf.token} are both empty when Inspecting them. If you need any additional information, I would be happy to supply it.
443
i know it's a 3 years old question, but my answer can help others. So, i had this situation also; and i've found out that Spring CSRF don't allow POST Method. so what i did is disabling CSRF and manually send the CSRF Tokens like below:
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/", "/login").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.and()
.formLogin().loginPage("/login")
.defaultSuccessUrl("/admin").failureUrl("/login")
.and()
.csrf().disable();
}
and in the JSP file :
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
