Reputation: 1476
If at first submit button is clicked, session is not existing then it routed to login.jsp page and flow goes fine but the problem is happening if suppose first logged in with any other permission that the submit-button cannot be routed to the desired page, and after logging in now clicked to submit-button, so in this case this should route to "authentication-failure-url="/loginFailure.web" or access denied something but it throws HTTP Status 405 - Request method 'POST' not supported
Also, In response header, can see Allow:GET why its allowing only Get here ?
In request an extra parameter being sent _csrf:e15bc9a6-66jh-4de4-b278-008e6f9a569c as such spring form add it by default, may be its causing issue ?
or please let me know any solution for this to fix it
Thanks in advance !!!!
@RequestMapping(value = "/searchCriteria.web", method = RequestMethod.POST, params = "searchButton")
public String getsearchCriteria(@ModelAttribute("rentalVO") RentalVO rental, Model model) {
List<Vehicle> vehicles;
try {
vehicles = rentalService.findVehiclesBetweenDates(rental.getStart(),rental.getEnd());
} catch (InvalidDateException e) {
model.addAttribute("message", "Booking cannot be preoceeded !! Invalid dates provided");
return "message";
}
model.addAttribute("vehicles", vehicles);
model.addAttribute("start",rental.getStart());
model.addAttribute("end",rental.getEnd());
return "bookVehicle";
}
login.jsp
<form name='loginForm'
action="<c:url value='/j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' /></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
</form>
spring-security.xml
<http use-expressions="true" auto-config="true">
<access-denied-handler error-page="/403" />
<intercept-url pattern="/categoryCriteria*"
access="hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_DB')" />
<intercept-url pattern="/searchAllCriteria*" access="hasAnyRole('ROLE_ADMIN')" />
<intercept-url pattern="/searchCriteria*"
access="hasAnyRole('ROLE_ADMIN','ROLE_DB')" />
<!-- <intercept-url pattern="/bookVehicle*"
access="hasAnyRole('ROLE_ADMIN','ROLE_DB')" /> -->
<form-login login-page="/login.web" default-target-url="/login.web"
authentication-failure-url="/loginFailure.web" username-parameter="j_username"
password-parameter="j_password" login-processing-url="/j_spring_security_check" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/index.web" />
<csrf/>
<!-- <csrf disabled="true"/> -->
</http>
index.jsp
<td><form:form action="searchCriteria.web" method="post"
commandName="rental">
<b> Check the Car availability as per your time frame (Admin Db access) </b>
<br>
<br>
Start date: <form:input path="start" id="datepickerStart" />
<br>
<br>
End date: <form:input path="end" id="datepickerEnd" />
<br>
<br>
<input type="submit" value="Available Car" name="searchButton" />
</form:form></td>
</tr>
Upvotes: 0
Views: 390
Reputation: 1476
I got the issue, Here, submit button is making a POST call to the backend, that fails beacause of user authenication as such and routed to /loginFailure.web by spring security, Whereas the method that is handling loginFailure.web url, is GET method, that eventually gives 405. Because its not even reaching to the controller method /searchCriteria.web that intended to, in between itself intercepted by spring security and routed to other failure authentication URL.
Upvotes: 1