0
我试图用邮差来测试登录处理URL Spring Security的配置设置:获得405方法不允许时后登录处理URL(春季安全)
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/list")
.access("hasRole('USER') or hasRole('ADMIN') or hasRole('DBA')")
.antMatchers("/newuser/**", "/delete-user-*")
.access("hasRole('ADMIN')")
.antMatchers("/edit-user-*")
.access("hasRole('ADMIN') or hasRole('DBA')")
.and()
.formLogin()
.loginProcessingUrl("/login-processing")
.usernameParameter("ssoId")
.passwordParameter("password")
.and()
.rememberMe()
.rememberMeParameter("remember-me")
.tokenRepository(persistentTokenRepository)
.tokenValiditySeconds(86400)
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedPage("/Access_Denied");
}
当我访问默认/login,我得到这个:
<html>
<head>
<title>Login Page</title>
</head>
<body onload='document.f.ssoId.focus();'>
<h3>Login with Username and Password</h3>
<form name='f' action='/login-processing' method='POST'>
<table>
<tr>
<td>User:</td>
<td>
<input type='text' name='ssoId' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td>
<input type='password' name='password'/>
</td>
</tr>
<tr>
<td>
<input type='checkbox' name='remember-me'/>
</td>
<td>Remember me on this computer.</td>
</tr>
<tr>
<td colspan='2'>
<input name="submit" type="submit" value="Login"/>
</td>
</tr>
<input name="_csrf" type="hidden" value="26d11d4c-1477-41e7-9639-abe2f4ca114e" />
</table>
</form>
</body>
</html>
然后我用邮差测试/login-processing终点,我得到这个:
{
"timestamp": 1498962411086,
"status": 405,
"error": "Method Not Allowed",
"exception": "org.springframework.web.HttpRequestMethodNotSupportedException",
"message": "Request method 'POST' not supported",
"path": "/login-processing"
}
为什么/login-processing可以从/login访问,但无法由邮差访问?