Broke RESTfulness with Spring Security

[tbender]

Since this seems due to a currently unfixed bug in Spring I added a workaround using POST and a different path so it does not confilct with my other POST-Mappings.

Code:

	/* Usually you would use a mapping to HTTP-PUT in a REST-Application.
	*Since there is a BUG with multipart-requests and HiddenHttpMethodFilter
	*we use a different path and the POST-Method here
	*https://jira.springsource.org/browse/SPR-6594
	*/
	@RequestMapping(value="/scriptfile/{id}/update", method = RequestMethod.POST)    
    public String update(@Valid ScriptFile scriptFile,
    							BindingResult result,
    							ModelMap modelMap, HttpServletRequest request) {    
        if (scriptFile == null) throw new IllegalArgumentException("A scriptFile is required");        
        if (result.hasErrors()) {        
            modelMap.addAttribute("scriptFile", scriptFile);            
            modelMap.addAttribute("showcases", ShowCase.findAllShowCases());            
            return "scriptfile/update";            
        }
        setFileParameters(scriptFile, request);
        scriptFile.merge();        
        return "redirect:/scriptfile/" + scriptFile.getId();        
    }

[Stefan Schmidt]

@tbender,

Thanks for sharing your research here. I have linked this forum thread to the ROO-442 feature request. This is something I'll be looking into soon.

Cheers,
Stefan

[tbender]

You're welcome. I love roo and especially how fast it is progressing :-)
How about the kangaroo-app? ;-)

@tbender,

Thanks for sharing your research here. I have linked this forum thread to the ROO-442 feature request. This is something I'll be looking into soon.

Cheers,
Stefan

[mikrobi]

I'm still having problems getting a multipart upload working with a PUT request
(see latest comments on https://jira.springsource.org/browse/SPR-6594)

Did anyone get an upload to work by using the PUT method?

[dejanmr]

Any progress on this?

I have checked jira issue, and it seem to be fixed on 3.0.2.

I have 3.0.3 version of spring and same/similar issue.

I am new to spring MVC, so application is simple, and has simple security (guess it is relevant).

So, although I put PUT as method, it ends up as POST, and I get error

"Request method 'POST' not supported".

[bytor99999]

Any progress on this?

I have checked jira issue, and it seem to be fixed on 3.0.2.

I have 3.0.3 version of spring and same/similar issue.

I am new to spring MVC, so application is simple, and has simple security (guess it is relevant).

So, although I put PUT as method, it ends up as POST, and I get error

"Request method 'POST' not supported".

Do a view source on your page and does your HTML form also have the hidden field in it. Also is your mapping method=RequestMethod.PUT?

like

<form method="POST" action="YOURACTIONHERE">
<all your tags for your form>
<input type="hidden" name="_method" value="PUT"/>
</form>

Mark

[dejanmr]

Do a view source on your page and does your
<input type="hidden" name="_method" value="PUT"/>
Mark

Exactly. Form is generated with spring form tag and method PUT, which is rendered to method POST and hidden field.

I have pretty much made example similar to pet clinic sample code, which is working fine, by the way. Only difference is that I have spring security set up.

[dejanmr]

Any news on this? Did latter versions of the Spring or Spring security problem resolved the issue?

Is there anyone made it working in expected way?

[omerio]

I managed to workaround this issue by changing the @RequestMapping annotation on the update method to:

@RequestMapping(params = "_method=PUT")//method = RequestMethod.PUT)
public java.lang.String update(@Valid Application application,

This seems to work fine for me and calls the correct update method even with multipart inctype.
Hope this helps someone