1

我在将 JBoss Seam 网站移植到 Spring MVC 时正在学习 Spring MVC(使用 Thymeleaf)。

我正在尝试用带有以下代码的 Spring 控制器替换 HTTPServlet(doPost 到 /myservlet):

@RequestMapping(value="/myservlet", method = RequestMethod.POST)
public String executeAction(HttpServletRequest request, HttpServletResponse response) throws IOException {

     StringBuilder buffer = new StringBuilder();
     BufferedReader reader = request.getReader();

     String line;
     while((line = reader.readLine()) != null) {
         buffer.append(line);
     }

     String payload = buffer.toString();
     System.out.println("payload: " + payload);
     return "/index";
}

此方法需要读取通过 HTTP Post 发送到此端点的 XML Payload (String)。

当外部客户端(.NET - 将在实时环境中使用)调用它时,我会收到以下日志消息:

[org.springframework.web.servlet.PageNotFound] (default task-3) Request method 'POST' not supported
[org.springframework.web.servlet.mvc.support.DefaultHandlerExceptionResolver] (default task-3) Handler execution resulted in exception: Request method 'POST' not supported

我也将其作为 HTTPServlet 进行了尝试,但遇到了同样的问题。有人可以告诉我我做错了什么吗?

web.xml 内容为:

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <error-page>
        <error-code>404</error-code>
        <location>/404.html</location>
    </error-page>

  <!-- Send unauthorised request to the 404 page -->
  <error-page>
    <error-code>403</error-code>
    <location>/404.html</location> 
  </error-page>

    <!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/root-context.xml</param-value>
    </context-param>

    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Processes application requests -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
        /WEB-INF/spring/appServlet/servlet-context.xml
      </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

  <!-- Spring Security -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  </listener>

</web-app>

xml 有效负载:

<Jobs>
    <Job Action="Post">
        <AdvertiserName>Advertiser1</AdvertiserName>
        <AdvertiserType ValueID="15897">15897</AdvertiserType>
        <SenderReference>01111111</SenderReference>
        <DisplayReference>DISPLAYREF_635346301296069467_4445_Test89
        </DisplayReference>
        <Classification ValueID="6211">1002915</Classification>
        <SubClassification></SubClassification>
        <Position><![CDATA[CASE MANAGER]]></Position>
        <Description><![CDATA[ The Case Manager role is the vital link between all parties within the mortgage application process. ...]]></Description>
        <Country ValueID="246">United Kingdom</Country>
        <Location ValueID="12096">Yorkshire</Location>
        <Area ValueID="107646">Bradford</Area>
        <PostalCode>BD1 1EE</PostalCode>
        <ApplicationURL>http://removed.com/Application.aspx?uPjAaXJ9HmZ04+4i/bqmFAz
        </ApplicationURL>
        <Language ValueID="120036">2057</Language>
        <ContactName>Joe Bloggs</ContactName>
        <EmploymentType ValueID="2163">2163</EmploymentType>
        <StartDate></StartDate>
        <Duration></Duration>
        <WorkHours ValueID="2190">2190</WorkHours>
        <SalaryCurrency ValueID="1078">1007000</SalaryCurrency>
        <SalaryMinimum>16200.00</SalaryMinimum>
        <SalaryMaximum>16200.00</SalaryMaximum>
        <SalaryPeriod ValueID="2178">1007600</SalaryPeriod>
        <JobType>APPLICATION</JobType>
    </Job>
</Jobs>
4

2 回答 2

3

如果其他人遇到此问题,则问题与方法签名和 CSRF 有关。

我通过遵循 geoand 的建议(谢谢)通过更改方法签名以添加 @RequestBody String 有效负载解决了这个问题

通过禁用特定 URL (/myservlet) 的 CSRF,但在 spring 安全配置中使用以下内容为其他 URL 启用它:

<http auto-config="true" use-expressions="true" pattern="/myservlet" >
  <csrf disabled="true"/>
</http>

<http auto-config="true" use-expressions="true" >    
  <access-denied-handler error-page="/403" />
  <form-login login-page="/login.html" authentication-failure-url="/login-error.html" authentication-success-handler-ref="customAuthenticationSuccessHandler" />
  <logout logout-success-url="/index" />
  <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
  <intercept-url pattern="/advertiser/**" access="hasRole('ROLE_ADVERTISER')" />
  <csrf disabled="false"/>
</http>

谢谢大家的回复/评论。

卡兹

于 2015-09-09T20:36:40.520 回答
0

我删除了 crsf

.and().csrf().and().exceptionHandling().accessDeniedPage("/Access_Denied");

我改变为

and().exceptionHandling().accessDeniedPage("/Access_Denied");//this Work
于 2020-05-07T21:33:07.460 回答