I have the following problem:
Request method ‘POST’ not supported
I’m doing it in java “Sprint Boot” and I know that the error is due to the security configuration:
String urlMercadoPago = “/pagomercadopago”;
.antMatchers(urlMercadoPago+”/**”).permitAll()
But the strange thing is that in this case I’m allowing everything, so I shouldn’t have an error.
This is my controller:
@PostMapping(“/pagomercadopago/notificaciones”)
To be more specific, this is my security configuration:
package com.infomarketing.thefrontendforerpsernyc.security;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Autowired
private AutenticadorHomeUsuarios autenticadorHomeUsuarios;
String urlWebpayExito = "/public/contacto";
String urlMercadoPago = "/pagomercadopago";
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.ignoringRequestMatchers(request -> "XMLHttpRequest".equals(request.getHeader("X-Requested-With")))
.ignoringAntMatchers(urlWebpayExito)
.and()
.authorizeRequests()
.antMatchers(urlMercadoPago+"/**").permitAll()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling()
.accessDeniedPage("/")
.and()
.formLogin()
.loginPage("/sistema")
.and()
.logout()
.logoutUrl("/salir").permitAll()
.logoutSuccessUrl("/")
.and()
.csrf().csrfTokenRepository(csrfTokenRepository());
}
@Bean
public CsrfTokenRepository csrfTokenRepository() {
CookieCsrfTokenRepository repository = CookieCsrfTokenRepository.withHttpOnlyFalse();
return repository;
}
@Bean
public static PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
Using the “simulate notification” tool of the payment market integration:
enter image description here
My test code is as follows:
@GetMapping("/pagomercadopago")
public ModelAndView obtenerTransaccionMercadoPago() throws MPException, MPApiException, ViewRendererException {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
//Usuarios usuarioLogeado = (Usuarios) auth.getPrincipal();
ModelAndView mav = new ModelAndView();
String html = "";
ConfiguracionMaestra configuracionMaestra = configuracionMaestraService.obtenerConfiguracionMaestraActiva();
//MercadoPagoConfig.setAccessToken(configuracionMaestra.getMercadopagoBearerToken());
MercadoPagoConfig.setAccessToken(mercadopagoAccessToken);
PreferenceItemRequest itemRequest =
PreferenceItemRequest.builder()
.id("1234")
.title("Revisar los avances de la denuncia")
.description("Avances de la denuncia que tienes en curso.")
.categoryId("denuncia")
.quantity(1)
.currencyId("CLP")
.unitPrice(new BigDecimal("100"))
.build();
List<PreferenceItemRequest> items = new ArrayList<>();
items.add(itemRequest);
PreferenceBackUrlsRequest backUrls =
PreferenceBackUrlsRequest.builder()
//los dominios no puede ser locales
.success(dominioUrl+"/pagomercadopago/exito")
.pending(dominioUrl+"/pagomercadopago/fail")
.failure(dominioUrl+"/pagomercadopago/pendiente")
.build();
PreferenceRequest request = PreferenceRequest.builder()
.items(items)
.backUrls(backUrls)
//.notificationUrl("https://techkeeper.cl/pagomercadopago/notificaciones")
.build();
PreferenceClient client = new PreferenceClient();
Preference preference = client.create(request);
//mav.addObject("mercadoPagoPublicKey", configuracionMaestra.getMercadopagoPublicoClientId());
mav.addObject("mercadoPagoPublicKey", mercadopagoPublicKey);
//mav.addObject("usuario", usuarioLogeado);
mav.addObject("idPreference", preference.getId());
html=vistasService.cargarVistas("HEAD-PUBLICO");
html+=vistasService.cargarVistas("NAVBAR-PUBLICO");
html+=vistasService.cargarVistas("VISTA-PAGO-MERCADOPAGO");
html+=vistasService.cargarVistas("FOOTER-PUBLICO");
mav.setViewName(html);
return mav;
}
Notification Post Settings:
@PostMapping("/pagomercadopago/notificaciones")
public String notificacionesPagoMercadoPago(
@RequestHeader("x-signature") String signatureHeader,
@RequestParam(name="topic", required=false) String topic ,
@RequestParam(name="id" , required=false) String idMerchantOrder,
@RequestParam(name="type" , required=false) String type,
@RequestParam(name="data.id" , required=false) String idPayment) throws IOException, ViewRendererException {
System.out.println("notificaciones mercadopago");
System.out.println(signatureHeader);
String[] parts = signatureHeader.split(",");
String ts = null;
String v1 = null;
for (String part : parts) {
if (part.startsWith("ts=")) {
ts = part.substring(3);
} else if (part.startsWith("v1=")) {
v1 = part.substring(3);
}
}
// Template original
String template = "id:[data.id_url];ts:[ts_header];";
template = template.replace("[data.id_url]", idPayment).replace("[ts_header]", ts);
String cyphedSignature = new HmacUtils("HmacSHA256", "34c22c74aaf0ebb7ffd1fce3c8b0a5e33d6063827976ce59f10f500bb371f393").hmacHex(template);
System.out.println("cyphedSignature: "+cyphedSignature);
System.out.println("v1: "+v1);
//Usuarios usuario = generalController.obtenerUsuarioLogeado();
mercadoPagoService.completaPagoMercadoPago(topic, idMerchantOrder, type, idPayment, usuario.getIdUsuario());
return "OK";
}
New contributor
Richard Figueroa is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.