开发者

Spring Mvc Controller - problem with delete

问答 作者:

i working in a j2ee project (pojo layer, Dao layer(hibernate), Service Layer(spring), View(spring mvc)) i have a table of articles after each row i want to add a link to remove it.

this is my view

<c:if test="${!empty articles}">
<table>
    <tr>
        <th>Article ID</th>
        <th>Article Name</th>
        <th>Article Desc</th>
        <th>Added Date</th>
        <th>operation</th>
    </tr>

    <c:forEach items="${a开发者_StackOverflowrticles}" var="article">
        <tr>
            <td><c:out value="${article.articleId}"/></td>
            <td><c:out value="${article.articleName}"/></td>
            <td><c:out value="${article.articleDesc}"/></td>
            <td><c:out value="${article.addedDate}"/></td>
            <td><a href="articles/${article.articleId}">delete</a></td>
        </tr>
    </c:forEach>
</table>

here is the controller to delete

@RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST)
public String deleteContact(@PathVariable("articleId")
Integer articleId) {

    articleService.removeArticle(articleId);

    return "redirect:/articles.html";
}

this is the servcice layer

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
public void removeArticle(Integer id) {
    articleDao.removeArticle(id);
}

this is the Dao layer (i try to find the article then to remove it)

    public void removeArticle(Integer id) {
            //to get the article
    Article article = (Article) sessionFactory.getCurrentSession().load(
            Article.class, id);
    if (null != article) {
        sessionFactory.getCurrentSession().delete(article);
    }

}

but when i run the project and i click the delete link, i have an 404 error Etat HTTP 404 - /Spring3Hibernate/articles/1 description The requested resource (/ Spring3Hibernate/articles/1) is not available

can somebody help me?

 <td><a href="articles/${article.articleId}">delete</a></td>

This is standard GET request, but your controller is mapped to POST. 

@RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST)

In addition, it looks like very big security issue. I can write very simple 10 lines program which will call using get or post request to from /articles/1 to /articles/{any number} and delete your entire data. I recommend just to take it into consideration while designing such applications.

Try the request method to be DELETE. GET method is not advised for something that will change a value in the server/db. If you want to stick with post make it a form submit instead of a href

RequestMapping(value="/articles/{articleId}", method=RequestMethod.DELETE)

继续阅读:controllerdaospring-mvc

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9