Spring Boot 安全性未加载 Angular 7 应用程序构建文件
[英]Spring boot security is not loading Angular 7 app build files
问题描述
I am trying to build war file by including angular build files.
我正在尝试通过包含角度构建文件来构建战争文件。 I have placed Angular 7 build files inside src/main/resources/static folder.我已将 Angular 7 构建文件放在src/main/resources/static文件夹中。 I am using Gradle as build tool.我使用 Gradle 作为构建工具。
Security class looks as mentioned below.安全类如下所述。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableGlobalAuthentication
public class JWTWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtUnAuthorizedResponseAuthenticationEntryPoint jwtUnAuthorizedResponseAuthenticationEntryPoint;
@Autowired
private UserDetailsService jwtInMemoryUserDetailsService;
@Autowired
private JwtTokenAuthorizationOncePerRequestFilter jwtAuthenticationTokenFilter;
@Value("${jwt.get.token.uri}")
private String authenticationPath;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(jwtInMemoryUserDetailsService)
.passwordEncoder(passwordEncoderBean());
}
@Bean
public PasswordEncoder passwordEncoderBean() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
//.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS,"/fbts/api**").permitAll()
.anyRequest().authenticated().and()
.httpBasic()
.and().formLogin().disable();
httpSecurity
.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
httpSecurity
.headers()
.frameOptions().sameOrigin() //H2 Console Needs this setting
.cacheControl(); //disable caching
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity
.ignoring()
.antMatchers(
HttpMethod.POST,
authenticationPath
)
.antMatchers(HttpMethod.OPTIONS, "/**")
.and()
.ignoring()
.antMatchers(
HttpMethod.GET,
"/" //Other Stuff You want to Ignore
)
.and()
.ignoring()
.antMatchers("/h2-console/**/**");
}
}
I am getting below issue while trying to access the app我在尝试访问该应用程序时遇到以下问题
Do I want to add anything to ignore .js files.我想添加任何内容来忽略 .js 文件吗? I also tried ignoring .js files, but when I ignored .js files my Rest API's are not secured.我也尝试忽略 .js 文件,但是当我忽略 .js 文件时,我的 Rest API 不安全。 Any help is appreciated.任何帮助表示赞赏。
1 个解决方案
解决方案1
0 2019-12-12 09:39:20
In your last code line .antMatchers("/h2-console/**/**");在你的最后一行代码中.antMatchers("/h2-console/**/**"); you have to add all resources that should be excluded from authorization.您必须添加应从授权中排除的所有资源。 For instance例如
.antMatchers("/h2-console/**/**"."/resources/**", "/static/**", "/assets/**", "/index.html", "/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.gif", "/**/*.svg", "/**/favicon.ico");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.