Announcement Announcement Module
Collapse
No announcement yet.
HTTP Status 405 - Request method 'POST' not supported Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • HTTP Status 405 - Request method 'POST' not supported

    I am getting "HTTP Status 405 - Request method 'POST' not supported" error message on clicking submit button in login form.

    I am using Spring 3.0 security framework.

    Please find below the code:

    login.jsp
    Code:
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    
    	<c:if test="${param.login_error == 'true'}">
    		<font color="red">Your login attempt was not successful, please
    			try again.<br /> Reason: <c:out
    				value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
    		</font>
    	</c:if>
    	<form name="f" action="<c:url value='/j_spring_security_check'/>"
    		method="POST">
    		<div>
    			Username: <input id="j_username" type='text' name='j_username'
    				style="width: 150px" />
    		</div>
    		<br />
    		<div>
    			Password: <input id="j_password" type='password' name='j_password'
    				style="width: 150px" />
    		</div>
    		<br />
    		<div>
    			Remember me: <input id="_spring_security_remember_me" type='checkbox'
    				name='_spring_security_remember_me' value='on' checked='checked' />
    		</div>
    		<br />
    		<div>
    			<a href="login_forgot.htm">forgot password</a>
    		</div>
    		<br />
    		<div>
    			<input id="proceed" type="submit" value="Login" />
    			<input id="reset" type="reset" value="Reset" />
    		</div>
    	</form>
    
    </div>
    security-config.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
    
    	<!-- HTTP security configurations -->
    	<http auto-config="true" use-expressions="true">
    
    		<form-login login-processing-url="/j_spring_security_check" login-page="/login.htm"
    			authentication-failure-url="/login.htm?login_error=t"
    			default-target-url="/home" />
    
    		<logout logout-url="/logout" logout-success-url="/" />
    
    		<remember-me key="myAppKey" token-validity-seconds="864000" />
    
    		<!-- Configure these elements to secure URIs in your application -->
    		<intercept-url pattern="/admin.htm" access="hasRole('ROLE_ADMIN')" />
    
    	</http>
    
    	<!-- Configure Authentication mechanism -->
    	<authentication-manager alias="authenticationManager">
    
    		<authentication-provider>
    
    			<jdbc-user-service data-source-ref="dataSource"
    				users-by-username-query="select NAME, PASSWORD, true from PERSON where NAME = ? and STATUS = 'Active'"
    				authorities-by-username-query="select p.NAME, pr.AUTHORITY from PERSON p, PERSON_ROLE pr
    											   where p.PERSON_ID = pr.PERSON_ID and p.NAME = ? " />
    
    		</authentication-provider>
    
    	</authentication-manager>
    
    </beans:beans>

  • #2
    Are you certain it is Spring Security giving this response (perhaps it is after the log in has been processed)? What do your logs look like?

    Comment


    • #3
      Hi Rob, I am pretty sure it is Spring Security response because the url displayed on browser error page is http://localhost:8080/vikas/j_spring_security_check.

      please find below the log messages after submit on login screen:

      Code:
      http-apr-8080-exec-7 DEBUG servlet.DispatcherServlet - DispatcherServlet with name 'demo' processing POST request for [/vikas/j_spring_security_check]
      http-apr-8080-exec-7 DEBUG annotation.RequestMappingHandlerMapping - Looking up handler method for path /j_spring_security_check
      http-apr-8080-exec-7 DEBUG annotation.RequestMappingHandlerMapping - Did not find handler method for [/j_spring_security_check]
      http-apr-8080-exec-7 DEBUG handler.SimpleUrlHandlerMapping - Matching patterns for request [/j_spring_security_check] are [/**]
      http-apr-8080-exec-7 DEBUG handler.SimpleUrlHandlerMapping - URI Template variables for request [/j_spring_security_check] are {}
      http-apr-8080-exec-7 DEBUG handler.SimpleUrlHandlerMapping - Mapping [/j_spring_security_check] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@51e202] and 1 interceptor
      http-apr-8080-exec-7 DEBUG annotation.ResponseStatusExceptionResolver - Resolving exception from handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@51e202]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
      http-apr-8080-exec-7 DEBUG support.DefaultHandlerExceptionResolver - Resolving exception from handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@51e202]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
      http-apr-8080-exec-7 WARN  servlet.PageNotFound - Request method 'POST' not supported
      http-apr-8080-exec-7 DEBUG servlet.DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'demo': assuming HandlerAdapter completed request handling
      http-apr-8080-exec-7 DEBUG servlet.DispatcherServlet - Successfully completed request
      Also, I have commented DelegatingFilterProxy filter in web.xml:

      web.xml:

      Code:
      <?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
      <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      	version="2.5"
      	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
      
      
      	<display-name>Demo</display-name>
      
      	<description>Demo</description>
      
      	<context-param>
      		<param-name>webAppRootKey</param-name>
      		<param-value>vikas.root</param-value>
      	</context-param>
      
      	<context-param>
      		<param-name>log4jConfigLocation</param-name>
      		<param-value>WEB-INF/spring/log4j.xml</param-value>
      	</context-param>
      
      	<!-- Enable escaping of form submission contents -->
      	<context-param>
      		<param-name>defaultHtmlEscape</param-name>
      		<param-value>true</param-value>
      	</context-param>
      
      	<context-param>
      		<param-name>contextConfigLocation</param-name>
      		<param-value />
      	</context-param>
      
      	<filter>
      		<filter-name>CharacterEncodingFilter</filter-name>
      		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
      		<init-param>
      			<param-name>encoding</param-name>
      			<param-value>UTF-8</param-value>
      		</init-param>
      		<init-param>
      			<param-name>forceEncoding</param-name>
      			<param-value>true</param-value>
      		</init-param>
      	</filter>
      
      	<filter>
      		<filter-name>HttpMethodFilter</filter-name>
      		<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
      	</filter>
      
      	<filter-mapping>
      		<filter-name>CharacterEncodingFilter</filter-name>
      		<url-pattern>/*</url-pattern>
      	</filter-mapping>
      
      	<filter-mapping>
      		<filter-name>HttpMethodFilter</filter-name>
      		<url-pattern>/*</url-pattern>
      	</filter-mapping>
      
      	<!-- Keep the listener commented-out if using JBoss -->
      	<listener>
      		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
      	</listener>
      
      	<!-- Creates the Spring Container shared by all Servlets and Filters -->
      	<listener>
      		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      	</listener>
      
      	<!-- Handles Spring requests -->
      	<servlet>
      		<servlet-name>demo</servlet-name>
      		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
      		<init-param>
      			<param-name>contextConfigLocation</param-name>
      			<param-value>WEB-INF/spring/applicationContext.xml</param-value>
      		</init-param>
      		<load-on-startup>1</load-on-startup>
      	</servlet>
      
      	<servlet-mapping>
      		<servlet-name>demo</servlet-name>
      		<url-pattern>/</url-pattern>
      	</servlet-mapping>
      
      	<!-- <filter> -->
      	<!-- <filter-name>springSecurityFilterChain</filter-name> -->
      	<!-- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> -->
      	<!-- </filter> -->
      
              <!-- <filter-mapping> -->
      	<!-- <filter-name>springSecurityFilterChain</filter-name> -->
      	<!-- <url-pattern>/*</url-pattern> -->
      	<!-- </filter-mapping> -->
      
      	<session-config>
      		<session-timeout>10</session-timeout>
      	</session-config>
      
      	<error-page>
      		<error-code>404</error-code>
      		<location>/resourceNotFound</location>
      	</error-page>
      </web-app>
      If I uncomment above filter then getting resource not found for all urls.

      Comment


      • #4
        If springSecurityFilterChain is commented out, then it means Spring Security is not processing the URLs. This is demonstrated by the logs which states that the DispatcherServlet is trying to process /j_spring_security_check. If Spring Security is processing the URL, it would never get to the DispatcherServlet. In short, this message appears to be coming from Spring MVC's Dispatcher Servlet which is not set up to process /j_spring_security_check as a POST. You will need to uncomment springSecurityFilterChain before Spring Security will process the URL.

        Comment


        • #5
          On un-commenting springSecurityFilterChain, I am getting below error message in the localhost.2012-11-14.log file of tomcat:

          Code:
          SEVERE: Exception starting filter springSecurityFilterChain
          org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
          As per Spring Security docs, <http> element automatically creates a FilterChainProxy. And I am using <http> element as mentioned in my first post. Then why this error?

          Also, in application-context.xml, I am importing security-config.xml as shown below:

          <import resource="security-config.xml" />

          Comment


          • #6
            The DelegatingFilterProxy is only aware of the parent application context (i.e. what is loaded by the ContextLoaderListener). This means the security configuration needs to be specified in the contextConfigLocation (which is currently empty). The DispatcherServlet loads a child ApplicationContext which is private to the SpringMVC configuration (i.e. DelegatingFIlterProxy will not be able to find it).

            Comment


            • #7
              Thanks Rob for clearing my doubts. Now, its working fine!

              Comment

              Working...
              X