I’m trying to build a customer facing app that’s using the app-portal. My controller works fine as long as the request is GET. However if I try a POST or PUT I get an error. The PUT error is below:
PUT http://localhost:8080/app-portal/user/1 405 (Method Not Allowed)
I created a CORSFilter in hopes that it would allow these requests to go through, but had no luck. Any ideas?
can you show the Spring MVC controller class? Normally in order to work with different HTTP methods in the controller, the controller method has to be annotated with:
@RequestMapping(method = {RequestMethod.PUT}
If you can share the code it should be a little clearer. Or are you using the generic API of CUBA?
Bye,
Mario
It is worth mentioning that CUBA REST-API does not use Spring Security filtering.
You have to disable Spring Security filtering for your API URLs in portal-security-spring.xml to be able to perform requests with custom CORS policy:
<http pattern="/user/**" security="none"/>
And then set method PUT for a method of your controller:
@Controller
@RequestMapping("user")
public class UserController {
private Logger log = LoggerFactory.getLogger(UserController.class);
@ResponseBody
@RequestMapping(path = "{id}", method = RequestMethod.PUT, produces = "application/json")
public String create(@PathVariable String id, @RequestBody String userInfo) {
log.info("Put new user {} with info {}", id, userInfo);
return "{\"status\": \"ok\"}";
}
}
I’ve attached sample project, so you can try it in action.
Is there a way to get CUBA Rest to work with SpringSecurity? The current application I’m working on doesn’t really require it, but in the future we are wanting to create a customer facing portal that mimics much of what we are doing in the web module.
CUBA does not use Spring Security for REST-API because we have our own security model described here: [url=https://doc.cuba-platform.com/manual-6.1/security_subsystem.html]https://doc.cuba-platform.com/manual-6.1/security_subsystem.html[/url]. CUBA Security model is powerful, so you can fine-tune your security from the web application and all security rules will be applied for REST-API requests. We don’t have different URLs for resources in the current version of REST-API so Spring Security model is not suitable for CUBA REST-API.
We are planning to add RESTful URLs support and much more functionality for public-facing portals in one of the next minor releases planned for September 2016. It seems that Spring Security will be suitable for public-facing portals that use REST-API with these new features.
It is hard to say what is wrong with your code without a sample/test project. Could you please create a small project on github where this problem can be reproduced?