[英]Error 403 on image when using Spring Boot + Spring Security
I'm trying out Spring Boot for the first time and I'm stuck with an error 403 that I can't figure out how to get around 我第一次尝试使用Spring Boot,但遇到了错误403,我不知道该如何解决
I've created an admin page using thymeleaf: 我使用百里香创建了一个管理页面:
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>The Link Application</title>
<link rel="stylesheet" href="css/bootstrap.min.css"/>
</head>
<body>
<nav class="navbar navbar-default">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle Navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">
<img src="img/Company-logo-sm-header.png" />
</a>
</div>
</div>
</nav>
...
The CSS loads perfectly and is located at src/main/resources/static/css
, the image that's giving me the error 403 is located at src/main/resources/static/img
CSS完美加载,位于
src/main/resources/static/css
,给我错误403的图像位于src/main/resources/static/img
This is my Application
class: 这是我的
Application
类:
@Configuration
@ComponentScan
@EnableAutoConfiguration
public class Application {
public static void main(String[] args) throws Exception {
SpringApplication.run(Application.class, args);
}
}
I've got an MVC Config class: 我有一个MVC Config类:
@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/hello").setViewName("hello");
registry.addViewController("/login").setViewName("login");
}
}
And a security config which I'm not sure if I'm using it correctly, antMatchers(...).permitAll()
to me seems like it should allow images: 我不确定
antMatchers(...).permitAll()
是一个安全配置,如果我不能正确使用它,它似乎应该允许图像:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/public/**", "/resources/**","/resources/public/**").permitAll()
.antMatchers("/", "/home", "/link").permitAll()
.antMatchers("/css/**", "/js/**", "/img/**", "**/favicon.ico").anonymous()
.antMatchers("/admin").hasRole("ADMIN")
.anyRequest().authenticated().and()
.formLogin().loginPage("/login").permitAll().and()
.logout().permitAll();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin").password("admin").roles("USER", "ADMIN").and()
.withUser("user").password("user").roles("USER");
}
}
I'm using Spring Boot 1.3.3 I don't have a public directory in /src/main/resources
, all my static content is going into /src/main/resources/static
, css is going into the css subfolder, js is going into the js subfolder and they both work fine when doing <link rel="stylesheet" href="css/bootstrap.min.css"/>
or <script src="js/jquery-2.2.1.min.js"></script>
我正在使用Spring Boot 1.3.3,我在
/src/main/resources
没有公共目录,我所有的静态内容都在/src/main/resources/static
,css在css子文件夹js中正在进入js子文件夹,并且在执行<link rel="stylesheet" href="css/bootstrap.min.css"/>
或<script src="js/jquery-2.2.1.min.js"></script>
时,它们都可以正常工作<script src="js/jquery-2.2.1.min.js"></script>
Any idea why my image in /src/main/resouces/static/img
is giving me an error 403 and the CSS in /src/main/resouces/static/css
and JS in /src/main/resouces/static/js
are not? 知道为什么我的
/src/main/resouces/static/img
给我一个错误403,而/src/main/resouces/static/css
和/src/main/resouces/static/js
是不?
I think it's just your security config that needs work. 我认为只是您的安全配置需要工作。
You don't need this line since that's just where the static assets are being served from. 您不需要此行,因为这正是从中提供静态资产的地方。 It's not a path that will be accessible.
这不是一条可访问的路径。
.antMatchers("/public/**", "/resources/**","/resources/public/**").permitAll()
As for this line, try change .anonymous()
to .permitAll()
and you should be able to access the images. 对于此行,尝试将
.anonymous()
更改为.permitAll()
,您应该可以访问图像。
.antMatchers("/css/**", "/js/**", "/img/**", "**/favicon.ico").anonymous()
I want to add some additions to above Patrick answer , the answer helped me, but there was another my mistake. 我想在Patrick答案之上添加一些补充内容,该答案对我有所帮助,但是我还有另一个错误。 When I add
当我添加
.antMatchers("/assets/css/**", "/assets/js/**", "/assets/img/**", "**/favicon.ico").permitAll();
error code with 403
changed to 404
. 403
错误代码更改为404
。 Because I forgot to add 因为我忘了加
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/assets/**").addResourceLocations("/assets/");
}
I found this from another source . 我从另一个来源找到了这个。 I hope somebody else will not repeat my mistake.
我希望其他人不会重复我的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.