java - 删除操作返回错误:出现意外错误(类型=禁止,状态=403)。禁止的
问题描述
我正在开发一个包含thymeleaf和spring-security的spring-boot项目。当我执行时它工作正常 - 显示产品列表,显示产品详细信息,添加新产品,更新现有产品。
但是当我执行 - 删除产品时,它会给出以下错误:
白标错误页面
此应用程序没有显式映射 /error,因此您将其视为后备。
2019 年 7 月 18 日星期四 16:59:16 BDT
出现意外错误(类型=禁止,状态=403)。
禁止的
这是我的代码:
product_list.html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>Product List</title>
<link rel="stylesheet" th:href="@{/css/bootstrap.css}">
</head>
<body>
<div class="container">
<h1>Product List</h1>
<hr>
<a class="btn btn-success" th:href="@{/products/add}">Create New Product</a>
<hr>
<table class="table">
<thead>
<tr>
<th>Product ID</th>
<th>Name</th>
<th>Brand</th>
<th>Made In</th>
<th>Price</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<tr th:each="theProduct:${theProducts}">
<td th:text="${theProduct.id}">Product ID</td>
<td th:text="${theProduct.name}">Name</td>
<td th:text="${theProduct.brand}">Brand</td>
<td th:text="${theProduct.madein}">Made In</td>
<td th:text="${theProduct.price}">Price</td>
<td>
<a class="btn btn-info" th:href="@{'/products/show/' + ${theProduct.id}}">View</a>
<a class="btn btn-warning" th:href="@{'/products/edit/' + ${theProduct.id}}">Edit</a>
<a class="btn btn-danger" th:data-the-product-id="${theProduct.id}" data-toggle="modal" data-target="#deleteConfirmationModal">Delete</a>
<div class="modal fade" id="deleteConfirmationModal" tabindex="-1" role="dialog" aria-labelledby="deleteConfirmationModalLabel" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="exampleModalLabel">Delete Confirmation</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<div class="modal-body">
Are you sure you want to DELETE the Product.
<br>
<form id="deleteForm" action="#" th:method="DELETE">
<button type="submit" class="btn btn-danger">Delete Employee</button>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<script th:src="@{/js/jquery-3.3.1.js}"></script>
<script th:src="@{/js/popper.js}"></script>
<script th:src="@{/js/bootstrap.js}"></script>
<script>
$('#deleteConfirmationModal').on('show.bs.modal', function (event) {
var anchorLink = $(event.relatedTarget)
var theProductId = anchorLink.data('theProductId')
var modal = $(this)
$("#deleteForm").attr("action", "/products/delete/" + theProductId)
})
</script>
</body>
</html>
产品控制器.java
package com.example.demo.controller;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import com.example.demo.dao.ProductRepository;
import com.example.demo.entity.Product;
@Controller
@RequestMapping("/products")
public class ProductController {
@Autowired
private ProductRepository productRepository;
@GetMapping("/index")
public String index(Model theModel) {
List<Product> theProducts = productRepository.findAll();
theModel.addAttribute("theProducts", theProducts);
return "product/product_list";
}
@GetMapping("/add")
public String add(Model theModel) {
Product theProduct = new Product();
theModel.addAttribute("theProduct", theProduct);
return "product/product_add_form";
}
@GetMapping("/show/{productId}")
public String show(@PathVariable int productId, Model theModel) {
Product theProduct = productRepository.findById(productId).get();
if(theProduct == null) {
return null;
}
theModel.addAttribute("theProduct", theProduct);
return "product/product_detail";
}
@PostMapping("/create")
public String create(@ModelAttribute("theProduct") Product theProduct) {
theProduct.setId(0);
productRepository.save(theProduct);
return "redirect:/products/index";
}
@GetMapping("/edit/{productId}")
public String edit(@PathVariable(name="productId") int productId, Model theModel) {
Product theProduct = productRepository.findById(productId).get();
theModel.addAttribute("theProduct", theProduct);
return "product/product_edit_form";
}
@PutMapping("/update")
public String update(@ModelAttribute("theProduct") Product theProduct) {
productRepository.save(theProduct);
return "redirect:/products/index";
}
@DeleteMapping("/delete/{productId}")
public String delete(@PathVariable int productId) {
Product tempProduct = productRepository.findById(productId).get();
if(tempProduct == null) {
return null;
}
productRepository.deleteById(productId);
return "redirect:/products/index";
}
}
登录控制器.java
package com.example.demo.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class LoginController {
@RequestMapping("/login")
public String login() {
return "login";
}
@GetMapping("/")
public String home(Model theModel) {
return "redirect:/products/index";
}
}
安全配置.java
package com.example.demo.config;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.User.UserBuilder;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
UserBuilder users = User.withDefaultPasswordEncoder();
auth.inMemoryAuthentication().withUser(users.username("admin").password("Admin.123").roles("EMPLOYEE", "ADMIN"));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**")
.permitAll()
.antMatchers("/js/**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/authenticateTheUser")
.permitAll()
.and()
.logout()
.permitAll();
}
}
解决方案
幸运的是,您在 thymeleaf 每个循环中添加了“模态”,因此根据我的代码编辑您的 html ....
<form id="deleteForm" th:action="${'/products/delete/' + theProductId}" th:method="DELETE">
<button type="submit" class="btn btn-danger">Delete Employee</button>
</form>
这是经过测试的代码......工作正常......
你只是错过了“th:action”,因为它不能作为百里香形式工作。所以百里香不提供隐藏的“_csrf”字段;
推荐阅读
- php - 为什么在 Windows Server 2019 IIS 10 中只设置了第一个 cookie,相同的代码在其他服务器上设置了所有 cookie?
- c# - 如何使我的 switch 语句更高效
- node.js - 如何在使用竹子的部署中运行 mocha 测试解析器
- ios - 如何将我的 ios 应用程序上传到苹果商店?
- javascript - 使用文本链接反应路由器导航图像无法正常工作
- oracle - java.lang.UnsatisfiedLinkError:java.library.path 中没有 ocijdbc12
- reactjs - 在 React 中使用 map() 生成的组件中隐藏子组件
- c++ - 如何修复“PCH 警告:标头停止不在文件范围内”
- java - XSL 多列切换
- shell - 如何从makefile中的字符串中分离出版本号?