项目环境:springMVC+Spring security
由于工程是用restful风格请求,删除使用DELETE方式请求,但一直请求一个方法报错:
WARN : Request method 'DELETE' not supported
请求地址是:http://127.0.0.1:8090/kyxgcontrol/api/t/proLabelCata/9281
我一直以为是自己工程或代码的问题,弄了好久找不到问题,还百度到官方jdk中Request method 'DELETE' not supported的bug,官方bug地址:https://bugs.openjdk.java.net/browse/JDK-7157360
但上面也没说解决方案好像,英文不好,所以也不确定,但我其他方法用delete是可以的,说明我的项目是可以用delete请求的。
把工程日志调成debug模式,再次用delete请求http://127.0.0.1:8090/kyxgcontrol/api/t/proLabelCata/9281,发现debug日志中报错了,还是权限不够的错误。
这才发现原来是Spring security的错误,看了Spring security的配置才发现api/t/proLabelCata/9281上要权限的,错误日志如下:
2017-04-20 10:02:41 DEBUG: /api/t/proLabelCata/9281 at position 6 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2017-04-20 10:02:41 DEBUG: /api/t/proLabelCata/9281 at position 7 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2017-04-20 10:02:41 DEBUG: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fab4e5e: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 3612CA04E356CA63E1BB358BD06DB81A; Granted Authorities: ROLE_ANONYMOUS'
2017-04-20 10:02:41 DEBUG: /api/t/proLabelCata/9281 at position 8 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2017-04-20 10:02:41 DEBUG: /api/t/proLabelCata/9281 at position 9 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2017-04-20 10:02:41 DEBUG: /api/t/proLabelCata/9281 at position 10 of 11 in additional filter chain; firing Filter: 'CustomFilterSecurityInterceptor'
2017-04-20 10:02:41 DEBUG: Public object - authentication not attempted
2017-04-20 10:02:41 DEBUG: /api/t/proLabelCata/9281 at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2017-04-20 10:02:41 DEBUG: Checking match of request : '/api/t/prolabelcata/9281'; against '/api/**'
2017-04-20 10:02:41 DEBUG: Secure object: FilterInvocation: URL: /api/t/proLabelCata/9281; Attributes: [isAuthenticated()]
2017-04-20 10:02:41 DEBUG: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fab4e5e: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe3f86: RemoteIpAddress: 127.0.0.1; SessionId: 3612CA04E356CA63E1BB358BD06DB81A; Granted Authorities: ROLE_ANONYMOUS
2017-04-20 10:02:41 DEBUG: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@532deba7, returned: -1
2017-04-20 10:02:41 DEBUG: Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
2017-04-20 10:02:41 DEBUG: DefaultSavedRequest added to Session: DefaultSavedRequest[http://127.0.0.1:8090/kyxgcontrol/api/t/proLabelCata/9281]
2017-04-20 10:02:41 DEBUG: Calling Authentication entry point.
2017-04-20 10:02:41 DEBUG: Redirecting to 'http://127.0.0.1:8090/kyxgcontrol/loginPage'
2017-04-20 10:02:41 DEBUG: SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2017-04-20 10:02:41 DEBUG: SecurityContextHolder now cleared, as request processing completed
2017-04-20 10:02:41 DEBUG: Checking match of request : '/loginpage'; against '/login.jsp*'
2017-04-20 10:02:41 DEBUG: Checking match of request : '/loginpage'; against '/loginpage*'
2017-04-20 10:02:41 DEBUG: /loginPage has an empty filter list
2017-04-20 10:02:41 DEBUG: Using SessionFactory 'sessionFactory' for OpenSessionInViewFilter
2017-04-20 10:02:41 DEBUG: Returning cached instance of singleton bean 'sessionFactory'
2017-04-20 10:02:41 DEBUG: Opening Hibernate Session in OpenSessionInViewFilter
2017-04-20 10:02:41 DEBUG: Opened session at timestamp: 14926537617
2017-04-20 10:02:41 DEBUG: DispatcherServlet with name 'springMVC' processing DELETE request for [/kyxgcontrol/loginPage]
2017-04-20 10:02:41 DEBUG: Looking up handler method for path /loginPage
2017-04-20 10:02:41 DEBUG: Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'DELETE' not supported
2017-04-20 10:02:41 DEBUG: Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'DELETE' not supported
2017-04-20 10:02:41 DEBUG: Resolving exception from handler [null]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'DELETE' not supported
登录完,再请这个地址,发现是可以请求的,根本不是Request method 'DELETE' not supported,而是权限问题引起的。记录一下,免得下次再把这个问题困住了
但是为什么报的是Request method 'DELETE' not supported,我还是不解,有人知道么?