1

I have next method in controller:

@GetMapping("/delete")
    public String deleteUser(int id) {
        groupService.deleteById(id);
        return REDIRECT_PAGE;
    }

And it works perfect with next UI:

<a th:href="@{/groups/delete/(id=${group.id})}" class="btn btn-danger">Delete</a>

With bootstrap modal part:

<div th:fragment="deleteEntry">
    <div class="modal" tabindex="-1" role="dialog" id="deleteModal">
        <div class="modal-dialog" role="document">
            <div class="modal-content">
                <div class="modal-header">
                    <h5 class="modal-title">Confirm deletion</h5>
                    <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                        <span aria-hidden="true">&times;</span>
                    </button>
                </div>
                <div class="modal-body">
                    <p>Are you sure you want to delete this record?</p>
                </div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
                    <a href="" class="btn btn-primary" id="delRef">Yes, delete</a>
                </div>
            </div>
        </div>
    </div>
</div>

and js:

$('document').ready(function() {

    $('.table .btn-danger').on('click',function(event) {
        event.preventDefault();
        var href = $(this).attr('href');
        $('#deleteModal #delRef').attr('href', href);
        $('#deleteModal').modal();
        
    });
});

But now I want to change @GetMapping with @DeleteMapping in controller (start learning Spring Security), and what I have-

Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'GET' not supported]

What I need to fix? Thanks in advance.

Upd: Well, if it impossible, how to add to SpringSecurity config rules to allow to delete only for "admin"? I try next ones, but it doesn't work- "user" can delete entries:

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
        .authorizeRequests()
        .antMatchers(HttpMethod.GET, "/**").hasAnyRole(Role.ADMIN.name(), Role.USER.name())
        .antMatchers(HttpMethod.GET, "/groups/delete/*").hasRole(Role.ADMIN.name())
        .antMatchers(HttpMethod.GET, "/groups/delete/").hasRole(Role.ADMIN.name())
        .antMatchers(HttpMethod.GET, "/groups/delete").hasRole(Role.ADMIN.name())
                .antMatchers(HttpMethod.POST, "/**").hasRole(Role.ADMIN.name())
                .antMatchers(HttpMethod.PUT, "/**").hasRole(Role.ADMIN.name())
                .antMatchers(HttpMethod.DELETE, "/**").hasRole(Role.ADMIN.name())
                .anyRequest().authenticated().and()
                .httpBasic();
    }
Khilarian
  • 249
  • 1
  • 9
  • Have you looked at this answer https://stackoverflow.com/questions/6926512/how-to-specify-delete-method-in-a-link-or-form? If you change the request mapping to `@DeleteMapping` Then the link i.e ` – clD Dec 26 '20 at 20:26
  • @clD Well, it seems that I need to configure Spring Security for all paths, not just by HttpMethod.* – Khilarian Dec 26 '20 at 20:34

2 Answers2

0

It looks like you're still sending a GET request instead of DELETE, but there is no more GET endpoint, which causes the error.

Piotr Żmudzin
  • 154
  • 1
  • 6
0

If you want to use the @DeleteMapping annotation, I think you need to make your request with ajax or it should remain @GetMapping.

If you want to use @ReqeustParam:

$.ajax({
    type : "DELETE",
    url : "/groups/delete",
    data: {"id": id},
    contentType: "application/json",
    dataType : 'json',
    success: function (result) {       
        console.log(result);                
    },
    error: function (e) {
        console.log(e);
    }
});

Browsers only support GET and POST as http request methods.

Also see here if you want to solve it with @PostMapping.

İsmail Y.
  • 3,579
  • 5
  • 21
  • 29