Feb 17th, 2010, 03:40 PM
Broke RESTfulness with Spring Security
In my roo project I have an Entity that represents an uploaded File (name, mimetype, data itself). Now I have the upload working, I started to setup
I have a whitelist configuration for URL-Interception allowing everyone for /static/** and /resource/** and /login but requiring login for everything else as the last rule.
Now problem is this: In my controller, I adjusted code for the methods for creation (using POST) and update (using PUT). Unfortunately spring security seems to do a redirect so the original PUT-request from my update gets turned into a POST-request which in turn leads to the controller not finding a correct request mapping for the update URL (expects PUT, gets POST).
Does that sound plausible?
What can I do about it?
(Sorry don't have access to code right now)
Ben, I think this might be an easy one for you ;-)
Feb 17th, 2010, 03:49 PM
It should work fine. But it does sound more like a Spring Security question than a Roo question, so you might find you receive better support by asking in the Spring Security forum. In any event would you please provide a debug-level log of the request processing and also the applicationContext-security.xml so we can help you figure it out.
Feb 17th, 2010, 03:53 PM
Thanks for the quick reply. You guys are really caring about your users
Will provide logs, code and config as soon as I have access to it again.
Besides: Do you know how ROO-8 is doing?
Feb 17th, 2010, 03:56 PM
ROO-8 is coming along brilliantly. Stefan is off to San Francisco this weekend to meet with our web team to fine-tune it some more. I've seen the work so far (it's not checked in yet) and it's impressive. I think people will really like it. We've spent a lot of time designing it so you can round-trip JSPX views in a very natural, usable way. And the JSPXs themselves are very small now and easily support the development of alternate tag libraries.
Feb 17th, 2010, 03:59 PM
Just lost one hours adjustments because I forgot to automaticallyMaintainView=false
Feb 17th, 2010, 10:07 PM
I would check to make sure you are using the "form:form" MVC tag (<form:form method="PUT"..>) in your form. That creates a hidden field named "_method", which I believe Spring MVC uses to detect PUT requests.
If you are using a single form for POST/PUT, you will need to create that hidden field another way.
(This may not be the problem in your case, but it would cause the symptoms you describe, making it seem as if your PUT is getting turned into a POST.)