HTTP Status 405 - Request method 'POST' not supported

I am getting "HTTP Status 405 - Request method 'POST' not supported" error message on clicking submit button in login form.

I am using Spring 3.0 security framework.

Please find below the code:

login.jsp

Code:

---

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

        <c:if test="${param.login_error == 'true'}">
                <font color="red">Your login attempt was not successful, please
                        try again.<br /> Reason: <c:out
                                value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />.
                </font>
        </c:if>
        <form name="f" action="<c:url value='/j_spring_security_check'/>"
                method="POST">
                <div>
                        Username: <input id="j_username" type='text' name='j_username'
                                style="width: 150px" />
                </div>
                <br />
                <div>
                        Password: <input id="j_password" type='password' name='j_password'
                                style="width: 150px" />
                </div>
                <br />
                <div>
                        Remember me: <input id="_spring_security_remember_me" type='checkbox'
                                name='_spring_security_remember_me' value='on' checked='checked' />
                </div>
                <br />
                <div>
                        <a href="login_forgot.htm">forgot password</a>
                </div>
                <br />
                <div>
                        <input id="proceed" type="submit" value="Login" />
                        <input id="reset" type="reset" value="Reset" />
                </div>
        </form>

</div>

---

security-config.xml

Code:

---

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

        <!-- HTTP security configurations -->
        <http auto-config="true" use-expressions="true">

                <form-login login-processing-url="/j_spring_security_check" login-page="/login.htm"
                        authentication-failure-url="/login.htm?login_error=t"
                        default-target-url="/home" />

                <logout logout-url="/logout" logout-success-url="/" />

                <remember-me key="myAppKey" token-validity-seconds="864000" />

                <!-- Configure these elements to secure URIs in your application -->
                <intercept-url pattern="/admin.htm" access="hasRole('ROLE_ADMIN')" />

        </http>

        <!-- Configure Authentication mechanism -->
        <authentication-manager alias="authenticationManager">

                <authentication-provider>

                        <jdbc-user-service data-source-ref="dataSource"
                                users-by-username-query="select NAME, PASSWORD, true from PERSON where NAME = ? and STATUS = 'Active'"
                                authorities-by-username-query="select p.NAME, pr.AUTHORITY from PERSON p, PERSON_ROLE pr
                                                                                          where p.PERSON_ID = pr.PERSON_ID and p.NAME = ? " />

                </authentication-provider>

        </authentication-manager>

</beans:beans>

---

Are you certain it is Spring Security giving this response (perhaps it is after the log in has been processed)? What do your logs look like?

Hi Rob, I am pretty sure it is Spring Security response because the url displayed on browser error page is http://localhost:8080/vikas/j_spring_security_check.

please find below the log messages after submit on login screen:

Code:

---


http-apr-8080-exec-7 DEBUG servlet.DispatcherServlet - DispatcherServlet with name 'demo' processing POST request for [/vikas/j_spring_security_check]
http-apr-8080-exec-7 DEBUG annotation.RequestMappingHandlerMapping - Looking up handler method for path /j_spring_security_check
http-apr-8080-exec-7 DEBUG annotation.RequestMappingHandlerMapping - Did not find handler method for [/j_spring_security_check]
http-apr-8080-exec-7 DEBUG handler.SimpleUrlHandlerMapping - Matching patterns for request [/j_spring_security_check] are [/**]
http-apr-8080-exec-7 DEBUG handler.SimpleUrlHandlerMapping - URI Template variables for request [/j_spring_security_check] are {}
http-apr-8080-exec-7 DEBUG handler.SimpleUrlHandlerMapping - Mapping [/j_spring_security_check] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@51e202] and 1 interceptor
http-apr-8080-exec-7 DEBUG annotation.ResponseStatusExceptionResolver - Resolving exception from handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@51e202]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
http-apr-8080-exec-7 DEBUG support.DefaultHandlerExceptionResolver - Resolving exception from handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@51e202]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
http-apr-8080-exec-7 WARN  servlet.PageNotFound - Request method 'POST' not supported
http-apr-8080-exec-7 DEBUG servlet.DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'demo': assuming HandlerAdapter completed request handling
http-apr-8080-exec-7 DEBUG servlet.DispatcherServlet - Successfully completed request

---

Also, I have commented DelegatingFilterProxy filter in web.xml:

web.xml:

Code:

---

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        version="2.5"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">


        <display-name>Demo</display-name>

        <description>Demo</description>

        <context-param>
                <param-name>webAppRootKey</param-name>
                <param-value>vikas.root</param-value>
        </context-param>

        <context-param>
                <param-name>log4jConfigLocation</param-name>
                <param-value>WEB-INF/spring/log4j.xml</param-value>
        </context-param>

        <!-- Enable escaping of form submission contents -->
        <context-param>
                <param-name>defaultHtmlEscape</param-name>
                <param-value>true</param-value>
        </context-param>

        <context-param>
                <param-name>contextConfigLocation</param-name>
                <param-value />
        </context-param>

        <filter>
                <filter-name>CharacterEncodingFilter</filter-name>
                <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
                <init-param>
                        <param-name>encoding</param-name>
                        <param-value>UTF-8</param-value>
                </init-param>
                <init-param>
                        <param-name>forceEncoding</param-name>
                        <param-value>true</param-value>
                </init-param>
        </filter>

        <filter>
                <filter-name>HttpMethodFilter</filter-name>
                <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
        </filter>

        <filter-mapping>
                <filter-name>CharacterEncodingFilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <filter-mapping>
                <filter-name>HttpMethodFilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!-- Keep the listener commented-out if using JBoss -->
        <listener>
                <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
        </listener>

        <!-- Creates the Spring Container shared by all Servlets and Filters -->
        <listener>
                <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <!-- Handles Spring requests -->
        <servlet>
                <servlet-name>demo</servlet-name>
                <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                <init-param>
                        <param-name>contextConfigLocation</param-name>
                        <param-value>WEB-INF/spring/applicationContext.xml</param-value>
                </init-param>
                <load-on-startup>1</load-on-startup>
        </servlet>

        <servlet-mapping>
                <servlet-name>demo</servlet-name>
                <url-pattern>/</url-pattern>
        </servlet-mapping>

        <!-- <filter> -->
        <!-- <filter-name>springSecurityFilterChain</filter-name> -->
        <!-- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> -->
        <!-- </filter> -->

        <!-- <filter-mapping> -->
        <!-- <filter-name>springSecurityFilterChain</filter-name> -->
        <!-- <url-pattern>/*</url-pattern> -->
        <!-- </filter-mapping> -->

        <session-config>
                <session-timeout>10</session-timeout>
        </session-config>

        <error-page>
                <error-code>404</error-code>
                <location>/resourceNotFound</location>
        </error-page>
</web-app>

---

If I uncomment above filter then getting resource not found for all urls.

If springSecurityFilterChain is commented out, then it means Spring Security is not processing the URLs. This is demonstrated by the logs which states that the DispatcherServlet is trying to process /j_spring_security_check. If Spring Security is processing the URL, it would never get to the DispatcherServlet. In short, this message appears to be coming from Spring MVC's Dispatcher Servlet which is not set up to process /j_spring_security_check as a POST. You will need to uncomment springSecurityFilterChain before Spring Security will process the URL.

On un-commenting springSecurityFilterChain, I am getting below error message in the localhost.2012-11-14.log file of tomcat:

Code:

---


SEVERE: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined

---

As per Spring Security docs, <http> element automatically creates a FilterChainProxy. And I am using <http> element as mentioned in my first post. Then why this error?

Also, in application-context.xml, I am importing security-config.xml as shown below:

<import resource="security-config.xml" />

The DelegatingFilterProxy is only aware of the parent application context (i.e. what is loaded by the ContextLoaderListener). This means the security configuration needs to be specified in the contextConfigLocation (which is currently empty). The DispatcherServlet loads a child ApplicationContext which is private to the SpringMVC configuration (i.e. DelegatingFIlterProxy will not be able to find it).

Thanks Rob for clearing my doubts. Now, its working fine!