HTTP Status 405 - Request method 'POST' not supported in Spring MVC with Spring Security

I created a Spring MVC application using FreeMarker templates as the view layer. In it I tried to add a model using forms. I am also using Spring Security. Here is the code:

    <legend>Add Employee</legend>
    <form name="employee" action="addEmployee" method="post">
      Firstname: <input type="text" name="name" /> <br/>
      Employee Code: <input type="text" name="employeeCode" /> <br/>
      <input type="submit" value="   Save   " />
    </form>

    @RequestMapping(value = "/addEmployee", method = RequestMethod.POST)
    public String addEmployee(@ModelAttribute("employee") Employee employee) {
        return "employee";
    }

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns=""

<!-- Spring MVC -->



    <!-- Spring Security -->


<beans:beans xmlns=""

    <http security="none" pattern="/resources/**"/>
    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">
        <intercept-url pattern="/login" access="isAnonymous()"/>
        <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/403" />
            password-parameter="password" />
        <logout logout-success-url="/login?logout" />
        <!-- enable csrf protection -->
        <csrf />

        <authentication-provider user-service-ref="userDetailsService" >
            <password-encoder hash="bcrypt" />    


When I click the submit button it returns the error `HTTP Status 405 - Request method 'POST' not supported`. I gave the POST method in both the ftl and the controller. Then why would this happen?


I am not sure if this helps but I had the same problem.

You are using springSecurityFilterChain with CSRF protection. That means you have to send a token when you send a form via POST request. Try to add the next input to your form:

<input type="hidden"

As far as I saw, the mentioned solutions didn't work for the latest Spring Security. Instead of passing it through a hidden input, you can also send it through the action URL like below:

<form method="post" action="doUpload?${_csrf.parameterName}=${_csrf.token}" enctype="multipart/form-data">

I found the solution. It is because of Spring Security Cross Site Request Forgery (CSRF) protection. It blocks the URL. So I added an extra field inside the form.

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

Now it is working properly.

Try to replace:




Unless you are using Spring 3.2

EDIT after seeing XML:

Try to move servlet-context.xml to your WEB-INF directory and rename it 'appServlet-context.xml'. Then remove the line:


From the contextConfigLocation in your web.xml.

The convention is that the context xml file is named '[servlet-name]-context.xml' where [servlet-name] is the name of the DispatcherServlet.

Also try to add a '/' to your form action, so:


This works for me:


Another solution (but every form)

<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
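
Since the token has to appear in every POST form, a template check can find the forms that would be rejected before a user does. The following is an added example, not code from the original posts: a Python audit that parses a template and reports POST forms carrying neither the `_csrf` hidden field nor the `_csrf` URL parameter. The names `CsrfFormAudit` and `audit_template` and the sample template are constructed for illustration.

```python
from html.parser import HTMLParser

CSRF_NAME, CSRF_VALUE = "${_csrf.parameterName}", "${_csrf.token}"  # as on the page
# Constructed sample template: the form on line 1 lacks the token, lines 2-3 carry it.
SAMPLE = """<form name="employee" action="addEmployee" method="post"><input type="text" name="name" /></form>
<form action="addEmployee" method="post"><input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/></form>
<form method="post" action="doUpload?${_csrf.parameterName}=${_csrf.token}" enctype="multipart/form-data"></form>
<form action="search" method="get"><input type="text" name="q" /></form>
"""

class CsrfFormAudit(HTMLParser):
    """Collect POST forms in a template that carry no CSRF token."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, action) of each unprotected POST form
        self._form = None    # state of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._finish()   # tolerate a previous form that was never closed
            action = a.get("action", "")
            self._form = {
                "line": self.getpos()[0],
                "action": action,
                "post": a.get("method", "get").strip().lower() == "post",
                "token": f"{CSRF_NAME}={CSRF_VALUE}" in action,  # token in the URL
            }
        elif tag == "input" and self._form is not None:
            if (a.get("type", "").lower() == "hidden"
                    and a.get("name") == CSRF_NAME
                    and a.get("value") == CSRF_VALUE):
                self._form["token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()

    def _finish(self):
        form, self._form = self._form, None
        if form and form["post"] and not form["token"]:
            self.findings.append((form["line"], form["action"]))

def audit_template(text):
    parser = CsrfFormAudit()
    parser.feed(text)
    parser.close()
    parser._finish()         # a form still open at end of file is checked too
    return parser.findings
```

Forms that pass the token in the action URL are accepted here because the page shows that variant. A token carried in the URL can end up in access logs and Referer headers, so the hidden field is the safer of the two.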
