spring security 4.0.1 - HTTP Status 405 - Request method 'POST' not supported

Question

I am using Spring MVC (4.1.6 RELEASE) and Spring Security (4.0.1 RELEASE).

When i am trying to submit my login form ,i am getting "HTTP Status 405 - Request method 'POST' not supported ." Error.

web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:/jpaContext.xml</param-value>
</context-param>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/config/security-config.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
    <servlet-name>ISMServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/config/servlet-config.xml</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>ISMServlet</servlet-name>
    <url-pattern>*.html</url-pattern>
</servlet-mapping>

spring-security.xml

<context:annotation-config />
<context:component-scan  base-package="com.sam"/>

<security:http auto-config='true' >    
    <security:intercept-url pattern="/index.jsp" access="permitAll" />
    <security:intercept-url pattern="/login.html" access="permitAll" />
    <security:intercept-url pattern="/**" access="hasRole('USER')" />
    <security:access-denied-handler error-page="/403.html"/>
    <security:form-login login-page="/login.html"   authentication-failure-url="/error.html" default-target-url="/home.html" /> 
    <security:logout logout-success-url="/index.jsp" delete-cookies="JSESSIONID"/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:password-encoder hash="bcrypt" />
        <security:jdbc-user-service data-source-ref="dataSource" />
    </security:authentication-provider>
</security:authentication-manager>

<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/ism" />
    <property name="username" value="root" />
    <property name="password" value="" />
</bean>

form.html

<form  action="j_spring_security_check" name="f" method="post" >

            <input name="j_username" type="text" />
            <input name="j_password" type="password"/>
            <input name="submit" id="button" type="submit" value="enter" />
    </form>

Could you post your Controller Class (e.g. Mappings defined) ? — sven.kwiotek

sven.kwiotek sven.kwiotek · Accepted Answer · 2015-06-17T06:54:52

The default login endpoint for login submit action is /login. You have in your login.html the endpoint j_spring_security_check where spring don't knows how it handle this mapping. So try it also with input elements with ids/names username/password:

<form  action="/login" name="f" method="post" >
    <input id="username" name="username" type="text" />
    <input id="password" name="password" type="password"/>
    <input name="submit" id="button" type="submit" value="enter" />
</form>

Please modify both entries (servlet-config.xml, spring-security.xml) in <context:component-scan base-package="com.sam.*"/>. Change the url-mapping to:

<servlet-mapping>
    <servlet-name>ISMServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

spring security 4.0.1 - HTTP Status 405 - Request method 'POST' not supported

3 Answers