带有Spring Boot的Spring Security 4:静态资源(即CSS,JS,IMG)404问题
[英]Spring Security 4 with Spring Boot: static resource (i.e. css, js, img) 404 issue
问题描述
I'm using Spring Boot with Spring Security to create a web app with SSL enabled (manually created SSL files). 
我正在使用带有Spring Security的Spring Boot来创建启用了SSL(手动创建的SSL文件)的Web应用程序。 Everything is working fine, however, whenever I'm trying to access any static resources like css or js files, it's unable to find those files and also showing following error: 一切工作正常,但是,每当我尝试访问任何静态资源(如CSS或js文件)时,它都无法找到这些文件并显示以下错误:
The resource from “ https://localhost:8443/css/lib/index.css ” was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
It's happening not only for the login page but also for other pages too. 这不仅发生在登录页面上,而且也在其他页面上发生。 After successfull login also I'm getting this error. 成功登录后,我也收到此错误。
Below is my security config: 以下是我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**"/*, "/js/**", "/img/**", "/error"*/).permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login").permitAll()
.defaultSuccessUrl("/home", true)
.successHandler(authSuccessHandler)
.and()
.headers()
.frameOptions().sameOrigin()
.httpStrictTransportSecurity().disable()
.and()
.logout().addLogoutHandler(new LogoutHandler() {
@Override
public void logout(HttpServletRequest request,HttpServletResponse response, Authentication authentication) {
request.getSession().invalidate();
}
})
.logoutUrl("/logout").permitAll().logoutSuccessUrl("/login")
.invalidateHttpSession(true).logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.deleteCookies("JSESSIONID")
.and()
.sessionManagement().maximumSessions(1);
}
css files are placed in the following path: CSS文件位于以下路径中:
src/main/resources/public/css/lib/index.csss
I'm using Freemarker, and below is how I'm calling this css file: 我正在使用Freemarker,下面是如何调用此CSS文件的方法:
<link rel="stylesheet" href="/css/lib/index.css" type="text/css" media="screen" charset="utf-8"/>
What I'm doing wrong in here? 我在这里做错了什么?
2 个解决方案
解决方案1
0 2016-12-23 19:12:06
If you are not using Boot for AutoConfiguration of WebMvc and have a configuration class that has annotation @EnableWebMvc that extends WebMvcConfigurerAdapter 如果您没有使用Boot进行WebMvc的自动配置,而是拥有一个带有注释@EnableWebMvc的配置类,该类扩展了WebMvcConfigurerAdapter
Then override the following method, it adds the required location for /public/** 然后覆盖以下方法,它为/ public / **添加所需的位置
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/public/**")
.addResourceLocations("/public/");
And in the Security Configuration file , add following : 在“安全配置”文件中,添加以下内容:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/public/**");
}
}
This will ensure that /public/** is excluded from security preview 这将确保/ public / **被排除在安全预览之外
解决方案2
-1 2016-12-16 14:03:59
Try to ignore and exclude these resources from processing at all: 尝试完全忽略并从处理中排除这些资源:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/css/**","/js/**","/img/**","/error/**");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.