[英]Unable to load static content in spring security
我已经从以下来源构建了基本的spring身份验证服务: https : //spring.io/guides/gs/securing-web/
试图使用Stackoverflow上的几乎所有解决方案包括本地文件夹中的JS文件,但我不能。 当html页面加载时,它说:
“未捕获的ReferenceError:未定义myFunction”
这是我的home.html脚本:
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<head>
<title>Spring Security Example</title>
<script type="javascript" src="test.js"></script>
</head>
<body onload="myFunction()">
<h1>Welcome!</h1>
<p>Click <a href="/hello">here</a> to see a greeting.</p>
</body>
</html>
这是我的js文件所在的位置,而htmls放置在模板文件夹中。
这是我的mvcConfig代码:
package hello;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
@Configuration
public class MvcConfig implements WebMvcConfigurer {
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/hello").setViewName("redirect:http://localhost:3000/home.html");
registry.addViewController("/login").setViewName("login");
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
if (!registry.hasMappingForPattern("/webjars/**")) {
registry.addResourceHandler("/webjars/**").addResourceLocations(
"classpath:/META-INF/resources/webjars/");
}
if (!registry.hasMappingForPattern("/**")) {
registry.addResourceHandler("/**").addResourceLocations("classpath:/META-INF/resources/", "classpath:/resources/","classpath:/static/", "classpath:/public/");
}
registry.addResourceHandler("/resources/**")
.addResourceLocations("/resources/");
}
}
WebSecurityConfig代码:
package hello;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home","/resources/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user =
User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
无论文件夹位于src / main / resources中,您都可以像这样配置它们,在安全配置类中创建此方法,通常我们将静态资源放在src / main / resources中的静态文件夹中。
//this method allows static resources to be neglected by spring security
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**","/assets/**","/fonts/**","/dis/**","/vendor1/**");
}
在WebSecurityConfig
类中,将permitAll设置为仅'/'
, '/home'
和'/resources/**'
。 匿名用户无需安全检查即可访问这三个端点。
对于test.js
文件,src指向当前URL中的test.js
所以,当你在本地主机上运行,浏览器尝试找到test.js
为http://localhost:{port}/{current-page-url}/test.js
例如,如果页面位于/home
则浏览器将调用http://localhost:8080/home/test.js
,但是正如您在WebSecurityConfig
定义的那样,除/home
之外的任何调用都将被Spring Security阻止。 ( /home
与/home/**
)
因此,您需要做的是将src URL更改为<script src="/resources/test.js"></script>
因为/resources/**
端点下的任何内容都可以被任何人访问,并且已经被注册。在MvcConfig
的resourceHandler配置中
registry.addResourceHandler("/resources/**")
.addResourceLocations("classpath:/");
希望这可以帮助! 快乐编码:)
新增:
同样,在<script>
标记中,您应该将type
属性更改为text/javascript
或者只需删除该属性即可使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.