HTTP Status 405 - JSPs only permit GET POST or HEAD

问题

Since JSP 2.3 (Tomcat 8) only supported method for JSP is GET POST or HEAD:

https://jcp.org/aboutJava/communityprocess/maintenance/jsr245/245-MR3.html http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/servlet/JspServlet.java?view=diff&r1=1497877&r2=1497878&pathrev=1497878

But, I suppose, it is a big incompatible change as, for example, for exception handler it is used to forward to JSP for rendering exception and iso JSP view since JSP 2.3 response is:

Method Not Allowed
HTTP Status 405 - JSPs only permit GET POST or HEAD 

description The specified HTTP method is not allowed for the requested resource.
Apache Tomcat/8.0.3

If we use REST and Spring HandlerExceptionResolver in case of exception we bump into this problem for sure. Are there any workaround for this problem (iso change http method type)?

回答1:

Sorry, there is no workaround (at the moment) for this. My recommendation to the EG was that the handled methods were made configurable. That suggestion was rejected. I suggest you raise this specific issue with them since it is a good argument for making the supported methods configurable on a per JSP (or group of JSPs) basis.

Meanwhile, I'll take a look at making this configurable using some form of Tomcat specific configuration under the bug you raised for this: https://issues.apache.org/bugzilla/show_bug.cgi?id=56568

UPDATE: As of Tomcat 8.0.9 when a JSP is used to generate an error page, any HTTP method will be allowed.

回答2:

As pointed by @MarkThomas you can make any HTTP request if you declare your JSP page as errorPage like this

If you don't want to do that then there is one more alternative
1. Create a filter (if you directly want to call a JSP page) or create a servlet (which will eventually call JSP page)
2. Do this in doFilter() or in case of servlet doPut()/doDelete()

Here I'm doing this in Filter where request is ServletRequest object.
I'm using HttpRequestWrapper to wrap the original request with a fake request and telling it to return POST for DELETE and PUT requests so JSP thinks its a POST request and the page is executed, only downside is you won't be able to tell what the original request was; this can also be covered if you set an attribute with original method name, like this

HttpServletRequest req = (HttpServletRequest) request;
request.setAttribute("method", req.getMethod());
req.getRequestDispatcher("/WEB-INF/resources/" +  resourceName + ".jsp").forward(new HttpServletRequestWrapper(req) {
    @Override
    public String getMethod() {
        String method = super.getMethod();
        if (method.equalsIgnoreCase("delete") || method.equalsIgnoreCase("put")) {
            return "POST";
        } else {
            return method;
        }
    }
}, response);

来源：https://stackoverflow.com/questions/23886941/http-status-405-jsps-only-permit-get-post-or-head