Spring Security不提供静态内容
[英]Spring Security not serving static content
问题描述
I'm trying to get spring security to allow the serving of static files like .css .js etc. without need to login first. 
我正在尝试获得春季安全性,以允许无需先登录即可提供.css .js等静态文件。
I've tried creating MVC config with resource handler and changing rules in spring security config, but nothing seems to be working. 我试图用资源处理程序创建MVC配置,并在spring安全配置中更改规则,但是似乎没有任何效果。
MvcConfig.java: MvcConfig.java:
@Configuration
@EnableWebMvc
public class MvcConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/assets/**")
.addResourceLocations("/assets/");
}
}
SecurityConfig.java: SecurityConfig.java:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/assets/**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/assets/**");
}
}
When I go to http://localhost:8080/assets/js/particles.min.js I'm expecting it to return the file contents but every time I try links like localhost:8080/assets/* it returns the content of login.html 当我转到http:// localhost:8080 / assets / js / particles.min.js时,我期望它返回文件内容,但是每次尝试像localhost:8080 / assets / *这样的链接时,它都会返回login.html
3 个解决方案
解决方案1
1 已采纳 2019-06-05 16:04:30
Supposing that your static files are under src/main/resources : 假设您的静态文件位于src/main/resources :
There are two main pieces to configure: 需要配置两个主要部分:
Implement the WebMvcConfigurer interface to discover your static resources: 实现WebMvcConfigurer接口以发现您的静态资源:
@Configuration
public class MvcConfig implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
if (!registry.hasMappingForPattern("/assets/**")) {
registry.addResourceHandler("/assets/**")
.addResourceLocations("/assets/");
}
}
}
Setup your security configuration to allow static resources (such as CSS, JavaScripts and images) to be publicly accessible: 设置安全配置,以允许静态资源(例如CSS,JavaScript和图像)可以公开访问:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
// Your settings
@Override
protected void configure(HttpSecurity http) throws Exception {
// Your AuthN handlers and filter chain...
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/css/**").permitAll()
.antMatchers("/img/**").permitAll()
.antMatchers("/js/**").permitAll()
.anyRequest().authenticated();
// Logout handler...
}
}
Supposing that you have a CSS file as follows: 假设您有一个CSS文件,如下所示:
src/main/resources/assets/css/layout.css
The web server will make it accessible at: Web服务器将使其可在以下位置访问:
http://<root_url>:<port>/css/layout.css
解决方案2
0 2019-06-05 14:40:47
Try to change to: 尝试更改为:
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/assets/").permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
解决方案3
-1 2019-06-05 13:00:46
web.ignoring().antMatchers("/assets/**");
The statement above will tell spring security to Ignore any request that starts with “/assets/” . 上面的语句将告诉Spring Security忽略任何以“ / assets /”开头的请求。 So if i were you, i will remove all the following configuration: 因此,如果我是您,我将删除以下所有配置:
.antMatchers("/", "/assets/**")
.permitAll()
fom the configure(HttpSecurity http) method. 可以使用configure(HttpSecurity http)方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.