英文:
Visability of static resourses in Thymeleaf with using Spring security
问题
我有一个类似这样的目录结构:
-resources
|
|-static
| |-css
| |-js
|-templates
|-error
|-fragments
并且这是配置部分:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/login").not().fullyAuthenticated()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/main").hasRole("USER")
.antMatchers("/resources/**", "/registration").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/main")
.permitAll()
.and()
.logout()
.permitAll()
.logoutSuccessUrl("/login");
}
而我需要一些帮助:1)我的静态资源在授权之前不可见
2)在授权后重定向到css或js文件
请帮帮我。我做错了什么?
英文:
I have a directory hierarchy like this:
-resources
|
|-static
| |-css
| |-js
|-templates
|-error
|-fragments
And This cofigure:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/login").not().fullyAuthenticated()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/main").hasRole("USER")
.antMatchers("/resources/**", "/registration").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/main")
.permitAll()
.and()
.logout()
.permitAll()
.logoutSuccessUrl("/login");
}
And I need some help: 1) My static resources are not visible until authorization
2) Redirect to css or js files after authorization
Please help me. What I do wrong?
答案1
得分: 1
你应该在资源文件夹中创建一个名为 "public" 的文件夹,Spring 将会为存放在 /css/**、/js/**、/images/** 文件夹中的文件提供无需身份验证的访问权限,适用于所有人。
如果你将 img.jpg 放入 images 文件夹中,就像这样 src/main/resources/public/images/img.jpg,它将可以通过 http://localhost:8080/images/img.jpg 进行访问。
英文:
You should create public folder in your resources folder and Spring will serve files which are placed in /css/**, /js/**, /images/** folders without auth, to everyone.
If you place img.jpg in images folder like that src/main/resources/public/images/img.jpg it will be accessible at http://localhost:8080/images/img.jpg
答案2
得分: 0
private static final String[] PUBLIC_MATCHERS = {
"/css/**",
"/js/**",
"/images/**",
};
//...
http
.authorizeRequests()
.antMatchers(PUBLIC_MATCHERS)
.permitAll()
.anyRequest()
.authenticated();
//...
英文:
Try this:
private static final String[] PUBLIC_MATCHERS = {
"/css/**",
"/js/**",
"/images/**",
};
//...
http
.authorizeRequests().
antMatchers(PUBLIC_MATCHERS).
permitAll().anyRequest().authenticated();
//...
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论