0

Creating very first SPRING REST API, for some reason only GET requests work as they should, all the rest - POST, PUT, DELETE do not.

@RestController
@RequestMapping(value = "/api/contacts")
public class ContactRESTController {

    private ContactService contactService;

    @Autowired
    public ContactRESTController(ContactService contactService) {
        this.contactService = contactService;
    }


    @RequestMapping(value = "/contact/{id}", method = RequestMethod.DELETE)
    public void deleteContact(@PathVariable long id) {

        Contact retrived = contactService.findOne(id);
        if (retrived == null) { throw new ContactNotFoundException(id);}
        contactService.delete(id);
    }

Having @RestController allows me to omit @ResponseBody. Tried using @ResponseEntity with no effect. Thought it may be some security issues, so I've added this line into security.xml

<security:intercept-url method="DELETE" access="permitAll" pattern="/api/contacts/contact/*" />

when app loads I can see this line in console:

INFO - Mapped "{[/api/contacts/contact/{id}],methods=[DELETE]}" onto public void com.bugielmarek.timetable.controllers.ContactRESTController.deleteContact(long)

yet when I pick DELETE in POSTMAN and go to 

http://localhost:8080/crudone/api/contacts/contact/9

all I get is 

HTTP Status 405 - Request method 'DELETE' not supported

and down in Headers I can read 'allow - GET'.

Tried posting a DELETE request with 'Content-Type' set to 'text/html' with no luck.

UPDATE:

Adding hiddenHttpMethodFilter to web.xml was no help.

<filter>
        <filter-name>hiddenHttpMethodFilter</filter-name>
        <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>hiddenHttpMethodFilter</filter-name>
       <servlet-name>crudone</servlet-name>
    </filter-mapping>

UPDATE:

Following DwB suggestion I turned on DEBUG level and observed console output. What I found was:

DEBUG - /api/contacts/contact/10 at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
DEBUG - Invalid CSRF token found for http://localhost:8080/crudone/api/contacts/contact/10
DEBUG - DispatcherServlet with name 'crudone' processing DELETE request for [/crudone/denied]
DEBUG - Looking up handler method for path /denied '

which suggests that it is problem with security after all.Any help how to disable csrf for REST would be much appreciated - as I suppose this is the solution.

M.Bugiel
  • 43
  • 9
  • Why is the `crudone` URL segment used in the example Postman URL? Is it defined in the source code? – Sergey Vyacheslavovich Brunov Aug 24 '17 at 20:13
  • What is your application ROOT? change http://localhost:8080/crudone/api/contacts/contact/9 to http://localhost:8080/api/contacts/contact/9 – Vazgen Torosyan Aug 25 '17 at 08:21
  • 1
    @SergeyBrunov 'crudone' is a context root (if I got the lingo right). So that bit is not a problem I think. – M.Bugiel Aug 25 '17 at 17:15
  • 1
    @DwB marked my question as a duplicate indicating that it could already been answered - the solution would be to add a hiddenHttpMethodFilter, was happy to see it as my web.xml was lacking it indeed,unfortunately after adding it to web.xml same message appeared "WARN - Request method 'DELETE' not supported" – M.Bugiel Aug 25 '17 at 17:18
  • 1
    Turn on trace level debugging and troubleshoot the problem. It does not appear to be related to anything you included in the question. – DwB Aug 25 '17 at 18:14
  • 1
    Problem solved. Many thanks. – M.Bugiel Aug 26 '17 at 13:37

0 Answers0