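【Question title】:Spring RequestMapping DELETE and unauthorized access JWT
【Posted】:2020-04-06 08:24:38
【Question】:

I have a problem with the DELETE method in Spring. I am using JWT and sending it in the request header, but GET/POST/PATCH work and DELETE does not.. I really don't know why. Even through Postman I get 401 Unauthorized when deleting an item, but I can get/patch/post new items... Here is my controller code: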

@CrossOrigin(origins = "http://localhost:8081", maxAge = 3600)
@RestController
public class JwtAuthenticationController {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private JwtTokenUtil jwtTokenUtil;

    @Autowired
    private JwtUserDetailsService userDetailsService;

    @Autowired
    private CarDetailsService carDetailsService;


    @RequestMapping(value = "/authenticate", method = RequestMethod.POST)
    public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtRequest authenticationRequest) throws Exception {

        authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());

        final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());

        final String token = jwtTokenUtil.generateToken(userDetails);

        return ResponseEntity.ok(new JwtResponse(token));
    }

    @RequestMapping(value = "/register", method = RequestMethod.POST)
    public ResponseEntity<?> saveUser(@RequestBody UserDTO user) throws Exception {
        return ResponseEntity.ok(userDetailsService.save(user));
    }

    private void authenticate(String username, String password) throws Exception {
        try {
            authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        } catch (DisabledException e) {
            throw new Exception("USER_DISABLED", e);
        } catch (BadCredentialsException e) {
            throw new Exception("INVALID_CREDENTIALS", e);
        }
    }

    @RequestMapping(value = "/car", method = RequestMethod.POST)
    public ResponseEntity<?> getRents(@RequestBody CarDTO car) throws Exception {
        return ResponseEntity.ok(carDetailsService.saveCar(car));
    }



    @RequestMapping(value ="/cars", method = RequestMethod.GET)
    public ResponseEntity<?> getCars() throws Exception{
        return ResponseEntity.ok(carDetailsService.getAllCars());
    }


    @PatchMapping("/cars/{id}")
    public ResponseEntity<?>  partialUpdate(@RequestBody PartialCarDTO partialCar, @PathVariable("id") Integer id){
        return ResponseEntity.ok(carDetailsService.updateCar(partialCar,id));
    }

    @RequestMapping(value = "/cars/{id}", method = RequestMethod.DELETE)
    public ResponseEntity<?> deleteCar(@RequestBody PartialCarDTO partialCar, @PathVariable("id") Integer id){
        return ResponseEntity.ok(carDetailsService.deleteCar(partialCar,id));
    }
}

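【Comments】:

  • What is your web security configuration? Maybe this article can help? More possible solutions

Tags: spring spring-boot authentication jwt request-mapping


【Solution 1】:

I removed PartialCarDTO from the request mapping, and through Postman I can delete the entity, but from my REST API it doesn't work.. :/ I tried many variations without success. Even when I pass NULL instead of the payload in axios, while keeping headers such as Authorization with my token, Content-Type and Access-Control-Allow-Origin. No, I really don't know where the problem is. Always 401. Do you have any ideas?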

return new Promise((resolve, reject) => {
    let id = payload.id;
    let url = "http://localhost:8080/cars/" + id;
    let config = {
        headers: {
            "Authorization": "Bearer " + localStorage.getItem('token'),
            "Content-Type": "application/json",
            "Access-Control-Allow-Origin": "*"
        }
    };

    axios.delete(url, payload, config)
        .then(({data, status}) => {
            if (status === 200) {
                resolve(true);
            }
        })
        .catch(error => {
            reject(error);
        });
});

【Comments】:

【Solution 2】:

There is a good answer here: https://stackoverflow.com/a/299696/4573580

If a DELETE request includes an entity body, the body is ignored [...]

【Comments】:

  • My request body is empty, I am using axios.delete(url,null,config)
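
Added example, not part of the original posts: axios documents `axios.delete(url[, config])` but `axios.patch(url[, data[, config]])`, so the calls in Solution 1 and in the comment above put the config carrying the Authorization header in a position that is not read. The sketch below is a constructed stand-in for those signatures (it is not axios code); `buildRequest`, `statusFor` and the sample values are hypothetical.

```javascript
// Constructed stand-in for axios's documented method signatures (not axios itself):
//   axios.delete(url[, config])          axios.get(url[, config])
//   axios.post(url[, data[, config]])    axios.patch(url[, data[, config]])
const NO_BODY_METHODS = ["delete", "get", "head", "options"];

// Map positional arguments to the request the client would build.
function buildRequest(method, url, ...rest) {
  const hasBodyArg = !NO_BODY_METHODS.includes(method);
  const data = hasBodyArg ? rest[0] : undefined;
  const config = (hasBodyArg ? rest[1] : rest[0]) || {};
  return {
    method,
    url,
    headers: { ...(config.headers || {}) },
    // For body-less methods a payload has to travel as config.data.
    data: hasBodyArg ? data : config.data,
    // Arguments beyond the documented signature are never read.
    ignoredArgs: rest.slice(hasBodyArg ? 2 : 1),
  };
}

// Hypothetical stand-in for the server's JWT filter: no Bearer token means 401.
function statusFor(request) {
  const auth = request.headers["Authorization"] || "";
  return auth.startsWith("Bearer ") ? 200 : 401;
}

// Constructed sample values.
const url = "http://localhost:8080/cars/5";
const payload = { id: 5 };
const config = { headers: { Authorization: "Bearer <token>" } };

function demo() {
  return {
    patch: statusFor(buildRequest("patch", url, payload, config)),              // 200
    deleteWithPayload: statusFor(buildRequest("delete", url, payload, config)), // 401
    deleteWithNull: statusFor(buildRequest("delete", url, null, config)),       // 401
    deleteConfigSecond: statusFor(buildRequest("delete", url, config)),         // 200
    deleteWithBody: buildRequest("delete", url, { ...config, data: payload }),
  };
}

console.log(demo());
```

With real axios the forms that carry the header are `axios.delete(url, config)` or, when a body is needed, `axios.delete(url, { headers, data })`.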