启用S​​pring安全性后,静态资源不再可用

时间:2016-07-14 13:07:39

标签: java spring security

我正在使用一些配置来解决Spring应用程序中的静态资源(js,css等)不再可用的问题。有些人可以指出我错过了什么。这是代码。请注意我的JS和CSS位于以下文件夹中。另请注意,在启用Spring安全性之前,可以访问这些资源

Web Pages ->
     WEB-INF ->
          resources ->
                and here 2 folders js and css

在我的JSP页面中,我希望使用以下链接访问js文件夹中的jquery 

<script src="resources/js/jquery.js"></script>

并且浏览器中的错误是

无法加载资源:http://localhost:8010/resources/js/js.js服务器响应状态为404(未找到)

@Configuration
@EnableScheduling     // if you want certain function running on the backend on recurrning basis like very 5 second a function call itself  then you have to ensbale this.  this will enable all classes defined as Service and Scheduled to be running on backend automatically. see example in  com.outbottle.controllers.ScheduledTasks.java
@ComponentScan("com.outbottle, com.JavaAnatatedClass")   //this will import all beans marked as  @Controller, or @Repository, or @Service, or @Component  in the application context
@ImportResource({"classpath:beans1.xml"})   //this will import all beans in the application context from this xml file
@EnableWebMvc
public class Config extends WebMvcConfigurerAdapter {  

    @Bean  
    public UrlBasedViewResolver setupViewResolver() {  
           .....
           .....
    }  

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {

        registry.addResourceHandler("/resources/**").addResourceLocations("/WEB-INF/resources/**");

    }

这是安全配置文件。 

@Configuration
@EnableWebSecurity
//@PropertySource("classpath:jdbc.properties")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {

        AuthenticationService as = new AuthenticationService();    
        auth.userDetailsService(as);
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {

      http.authorizeRequests()
        .antMatchers("/", "/home", "/REST").permitAll() 
        .antMatchers("/resources/**").permitAll()
        .antMatchers("/admin/**").access("hasAuthority('ADMIN')")    //you have to use hasAuthority because in AuthenticationService you are using GrantedAuthority object.    i replaced hasRole with hasAuthority.     check the detailes below in comments
        .antMatchers("/db/**").access("hasAuthority('ADMIN') and hasAuthority('DBA')")

        //Custom Login Form with fields and values
        //.and().formLogin()      //this will show default spring login page
        .and().formLogin().loginPage("/login")
        .usernameParameter("ssoId").passwordParameter("password")    //these aret the fields on the login page for user and password 
        .and().csrf()              
        .and().exceptionHandling().accessDeniedPage("/Access_Denied");

    }

1 个答案:

答案 0 :(得分:0)

我做了一些打击并尝试找到了这个作品

registry.addResourceHandler("/resources/js/*").addResourceLocations("/WEB-INF/resources/js/");
registry.addResourceHandler("/resources/css/*").addResourceLocations("/WEB-INF/resources/css/");

由于某些原因/ WEB-INF / resources / js / *或**无法正常工作

此外,我还将每个目录单独添加到资源中。

Shahzad

相关问题
最新问题