2

I am working on a J2EE project (POJO layer, DAO layer (Hibernate), service layer (Spring), view (Spring MVC)). I have a table of articles, and after each row I want to add a link to remove it.

This is my view:

    <c:if test="${!empty articles}">
      <table>
        <tr>
          <th>Article ID</th>
          <th>Article Name</th>
          <th>Article Desc</th>
          <th>Added Date</th>
          <th>operation</th>
        </tr>
        <c:forEach items="${articles}" var="article">
          <tr>
            <td><c:out value="${article.articleId}"/></td>
            <td><c:out value="${article.articleName}"/></td>
            <td><c:out value="${article.articleDesc}"/></td>
            <td><c:out value="${article.addedDate}"/></td>
            <td><a href="articles/${article.articleId}">delete</a></td>
          </tr>
        </c:forEach>
      </table>
    </c:if>

Here is the controller to delete:

    @RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST)
    public String deleteContact(@PathVariable("articleId") Integer articleId) {
        articleService.removeArticle(articleId);
        return "redirect:/articles.html";
    }

This is the service layer:

    @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
    public void removeArticle(Integer id) {
        articleDao.removeArticle(id);
    }

This is the DAO layer (I try to find the article, then remove it):

    public void removeArticle(Integer id) {
        // to get the article
        Article article = (Article) sessionFactory.getCurrentSession().load(
                Article.class, id);
        if (null != article) {
            sessionFactory.getCurrentSession().delete(article);
        }
    }

But when I run the project and click the delete link, I get a 404 error:

    Etat HTTP 404 - /Spring3Hibernate/articles/1
    description The requested resource (/ Spring3Hibernate/articles/1) is not available

Can somebody help me?

1
  • 4
    Are you sure the "a href"-part is sending a POST- and not a GET-request? Commented Feb 27, 2011 at 13:58

2 Answers

5
 <td><a href="articles/${article.articleId}">delete</a></td> 

This is a standard GET request, but your controller is mapped to POST.

@RequestMapping(value="/articles/{articleId}", method=RequestMethod.POST) 

In addition, it looks like a very big security issue. I can write a very simple 10-line program which will call, using GET or POST requests, from /articles/1 to /articles/{any number} and delete your entire data. I recommend taking this into consideration while designing such applications.


1 Comment

Can you provide some hints on preventing this security breach?
0

Try making the request method DELETE. The GET method is not advised for something that will change a value in the server/DB. If you want to stick with POST, make it a form submit instead of an a href.

    @RequestMapping(value="/articles/{articleId}", method=RequestMethod.DELETE)

3 Comments

But his link will still send the request as a GET. How would this work better than with RequestMethod.POST?
I forgot to mention that, thanks for correcting. It has to be a post from the form.
HTTP Status 405 - Request method 'POST' not supported. I tried all of those; still the above happens. The DELETE request got converted to POST.
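
One way to cover the points raised in both answers (a form that really sends POST, and a delete endpoint that not just anyone can call for every id), as an added example that is not part of the original thread. The `/articles/{articleId}/delete` path, the `csrfToken` name, the `ARTICLE_ADMIN` role and the `issueToken` helper are assumptions; it also assumes Java 8+, the `javax.servlet` API and container-managed login.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

// View side (replaces the <a href> link, so the browser sends POST, not GET):
//   <form method="post" action="articles/${article.articleId}/delete">
//     <input type="hidden" name="csrfToken" value="${sessionScope.csrfToken}"/>
//     <input type="submit" value="delete"/>
//   </form>
@Controller
public class ArticleDeleteController {
    static final String CSRF_ATTR = "csrfToken";        // assumed session attribute name
    static final String DELETE_ROLE = "ARTICLE_ADMIN";  // assumed container role name

    @Autowired
    private ArticleService articleService; // the service class from the question

    // Call from the handler that renders the list, so the form has a token to embed.
    static String issueToken(HttpSession session) {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(CSRF_ATTR, token);
        return token;
    }

    @RequestMapping(value = "/articles/{articleId}/delete", method = RequestMethod.POST)
    public String delete(@PathVariable("articleId") Integer articleId,
                         @RequestParam(value = "csrfToken", required = false) String sent,
                         HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession(false);
        String expected = session == null ? null : (String) session.getAttribute(CSRF_ATTR);
        // Constant-time comparison; a missing session or token counts as a mismatch.
        boolean tokenOk = expected != null && sent != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), sent.getBytes(StandardCharsets.UTF_8));
        if (!request.isUserInRole(DELETE_ROLE) || !tokenOk) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // 403, nothing deleted
            return null; // response already written, no view to render
        }
        articleService.removeArticle(articleId);
        return "redirect:/articles.html";
    }
}
```

The role check stops anonymous callers from deleting by id, and the session-bound token stops another site from submitting the form on behalf of a logged-in user.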
