在使用Spring Security时,Thymeleaf中静态资源的可见性

huangapple go评论65阅读模式
英文:

Visability of static resourses in Thymeleaf with using Spring security

问题

我有一个类似这样的目录结构:

-resources
|
|-static
|  |-css
|  |-js
|-templates
   |-error
   |-fragments

并且这是配置部分:

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/login").not().fullyAuthenticated()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/main").hasRole("USER")
                .antMatchers("/resources/**", "/registration").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/main")
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .logoutSuccessUrl("/login");
    }

而我需要一些帮助:1)我的静态资源在授权之前不可见
2)在授权后重定向到css或js文件

请帮帮我。我做错了什么?

英文:

I have a directory hierarchy like this:

-resources
|
|-static
|  |-css
|  |-js
|-templates
   |-error
   |-fragments

And This cofigure:

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/login").not().fullyAuthenticated()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/main").hasRole("USER")
                .antMatchers("/resources/**", "/registration").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/main")
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .logoutSuccessUrl("/login");
    }

And I need some help: 1) My static resources are not visible until authorization
2) Redirect to css or js files after authorization

Please help me. What I do wrong?

答案1

得分: 1

你应该在资源文件夹中创建一个名为 "public" 的文件夹,Spring 将会为存放在 /css/**/js/**/images/** 文件夹中的文件提供无需身份验证的访问权限,适用于所有人。

如果你将 img.jpg 放入 images 文件夹中,就像这样 src/main/resources/public/images/img.jpg,它将可以通过 http://localhost:8080/images/img.jpg 进行访问。

英文:

You should create public folder in your resources folder and Spring will serve files which are placed in /css/**, /js/**, /images/** folders without auth, to everyone.

If you place img.jpg in images folder like that src/main/resources/public/images/img.jpg it will be accessible at http://localhost:8080/images/img.jpg

答案2

得分: 0

private static final String[] PUBLIC_MATCHERS = {
    "/css/**",
    "/js/**",
    "/images/**",
};
//...
http
    .authorizeRequests()
    .antMatchers(PUBLIC_MATCHERS)
    .permitAll()
    .anyRequest()
    .authenticated();
//...
英文:

Try this:

private static final String[] PUBLIC_MATCHERS = {
		"/css/**",
		"/js/**",
		"/images/**",
};
//...
	http
		.authorizeRequests().
		antMatchers(PUBLIC_MATCHERS).
		permitAll().anyRequest().authenticated();
//...

huangapple
  • 本文由 发表于 2020年10月13日 15:43:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/64330769.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定