Jake Miller Jake Miller - 1 year ago 191
Java Question

POST request says "405 GET not supported" with Spring security enabled

When I enable Spring security using a class which extends

, I receive this error when I send

o.s.web.servlet.PageNotFound : Request method 'GET' not supported

I get an error that
is not allowed when I'm sending
... I've been unable to figure this out for hours.

It works perfectly fine if I comment out
in my main class and the
class as shown below:

public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

private final AuthenticationManager authenticationManager;

public CustomWebSecurityConfigurerAdapter(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;

protected void configure(AuthenticationManagerBuilder auth) throws Exception {

protected void configure(HttpSecurity http) throws Exception {
.antMatchers("/css/**", "/js/**", "/images/**", "/fonts/**", "/videos/**")
.antMatchers("/", "/join", "/login", "/about", "/contact", "/index.html")
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))


Here's my Spring controller by the way, if needed:

@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<BusinessUser> login(@RequestBody BusinessUser inputUser) {
BusinessUser requestedUser = businessUserService.findByUsername(inputUser.getUsername());
if(requestedUser != null)
if(BCrypt.checkpw(inputUser.getPassword(), requestedUser.getPassword()))
return new ResponseEntity<>(requestedUser, HttpStatus.OK);
return new ResponseEntity<>(HttpStatus.BAD_REQUEST);

Again, that controller works fine and is able to receive POST requests as well as return user info in JSON format EXCEPT for when I have the
class (which I need to enable OAuth2.0 and CSRF protection later).

Answer Source

I'll add a little more documentation for posterity. As Jake said, the line


Was in fact the problem. According to the documentation there are several requirements for loginPage:

  • It must be an HTTP POST
  • It must be submitted to AbstractAuthenticationFilterConfigurer.loginProcessingUrl(String)
  • It should include the username as an HTTP parameter by the name of usernameParameter(String)
  • It should include the password as an HTTP parameter by the name of passwordParameter(String)

The method definition is missing the required http parameters that the loginPage() method requires.