Spring Security资源

时间:2014-07-23 17:47:10

标签: spring authentication spring-security resources

您好我正在使用Spring安全(注释),我需要您的帮助才能知道如何忽略对资源的所有请求(css,js,图像等)。

项目结构:

http://imgur.com/wt6qsvk

SecurityConfig类:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
        throws Exception {
    auth.inMemoryAuthentication().withUser("admin").password("123456")
            .roles("ADMIN");
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/")
            .access("hasRole('ROLE_ADMIN')").and().formLogin()
            .loginPage("/signin").failureUrl("/signin?error")
            .usernameParameter("username").passwordParameter("password")
            .and().logout().logoutSuccessUrl("/signin?signout").and()
            .csrf();

    http.authorizeRequests().antMatchers("/home")
            .access("hasRole('ROLE_ADMIN')").and().formLogin()
            .loginPage("/signin").failureUrl("/signin?error")
            .usernameParameter("username").passwordParameter("password")
            .and().logout().logoutSuccessUrl("/signin?signout").and()
            .csrf();
}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/app/resources/**");
}
}

针对home.jsp:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ page session="true"%>
<html>
<head>
<title>${title}</title>
</head>
<body>
<h1>Hello world!</h1>
<P>The time on the server is ${serverTime}.</P>
<c:url value="/j_spring_security_logout" var="logoutUrl" />
<form action="${logoutUrl}" method="POST" id="logoutForm">
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
<script>
    function formSubmit() { document.getElementById("logoutForm").submit(); }
</script>

<c:if test="${pageContext.request.userPrincipal.name != null}">
    <h2>Welcome : ${pageContext.request.userPrincipal.name} | 
        <a href="javascript:formSubmit()"> Logout</a>
    </h2>
</c:if>
</body>
</html>

的signin.jsp:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
<%@ page session="true" language="java"%>
<html lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon" href="resources/images/favicon.ico">

<title>Sign In</title>
<link
href='http://fonts.googleapis.com/css?family=Roboto:400,400italic,300,700,900'
rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Raleway:300,200,100'
rel='stylesheet' type='text/css'>

<!-- Bootstrap core CSS -->
<link href="resources/js/bootstrap/dist/css/bootstrap.css"
rel="stylesheet">
<link rel="stylesheet"
href="resources/fonts/font-awesome-4/css/font-awesome.min.css">

<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
  <script src="resources/js/bootstrap/assets/js/html5shiv.js"></script>
  <script src="resources/js/bootstrap/assets/js/respond.min.js"></script>
<![endif]-->

<!-- Custom styles for this template -->
<link href="resources/css/style.css" rel="stylesheet" />

</head>

<body class="texture" onload="document.loginForm.username.focus();">

<div id="cl-wrapper" class="login-container">

    <div class="middle-login">
        <div class="block-flat">
            <div class="header">
                <h3 class="text-right">
                    <img src="resources/images/logo.png" alt="logo" />
                </h3>
            </div>
            <div>
                <form name="loginForm" style="margin-bottom: 0px !important;"
                    class="form-horizontal"
                    action="<c:url value='j_spring_security_check' />" method="POST">
                    <div class="content">
                        <h4 class="title">Login Access</h4>
                        <div class="form-group">
                            <div class="col-sm-12">
                                <div class="input-group">
                                    <span class="input-group-addon"><i class="fa fa-user"></i></span>
                                    <input name="sso" type="text" placeholder="Single Sign On"
                                        id="sso" class="form-control" required="required" autofocus
                                        autocomplete="off" pattern="[0-9]x"
                                        title="Enter with a numeric SSO [0-9]" /> 
                                    <input  type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
                                </div>
                            </div>
                        </div>
                        <div class="form-group">
                            <div class="col-sm-12">
                                <div class="input-group">
                                    <span class="input-group-addon"><i class="fa fa-lock"></i></span>
                                    <input name="password" type="password" placeholder="Password"
                                        id="password" class="form-control" required="required" />
                                </div>
                            </div>
                        </div>
                    </div>
                    <div class="foot">
                        <c:choose>
                            <c:when test="${param.auth_error == 2}">
                                <p class="error-msg" role="alert">Enter authentication
                                    info.</p>
                            </c:when>
                            <c:when test="${param.auth_error == 1}">
                                <p class="error-msg" role="alert">The email or password you
                                    entered is incorrect.</p>
                            </c:when>
                        </c:choose>
                        <button class="btn btn-primary" data-dismiss="modal"
                            type="submit">Log me in</button>
                    </div>
                </form>
            </div>
        </div>
        <div class="text-center out-links">
            <a href="#">Copyright &copy;</a>
        </div>
    </div>


</div>

<script src="resources/js/jquery.js"></script>
<script type="text/javascript" src="resources/js/behaviour/general.js"></script>

<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="resources/js/behaviour/voice-commands.js"></script>
<script src="resources/js/bootstrap/dist/js/bootstrap.min.js"></script>
<script type="text/javascript"
    src="resources/js/jquery.flot/jquery.flot.js"></script>
<script type="text/javascript"
    src="resources/js/jquery.flot/jquery.flot.pie.js"></script>
<script type="text/javascript"
    src="resources/js/jquery.flot/jquery.flot.resize.js"></script>
<script type="text/javascript"
    src="resources/js/jquery.flot/jquery.flot.labels.js"></script>
</body>
</html>

当我被重定向到登录页面时,这是输出:

WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/bootstrap/dist/css/bootstrap.css] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/behaviour/general.js] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/images/SABIC_Wordmark_RGB.png] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/fonts/font-awesome-4/css/font-awesome.min.css] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/css/style.css] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/jquery.js] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/behaviour/voice-commands.js] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/jquery.flot/jquery.flot.pie.js] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/jquery.flot/jquery.flot.resize.js] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/jquery.flot/jquery.flot.labels.js] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/bootstrap/dist/js/bootstrap.min.js] in DispatcherServlet with name 'dispatcher'
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/app/resources/js/jquery.flot/jquery.flot.js] in DispatcherServlet with name 'dispatcher'

1 个答案:

答案 0 :(得分:1)

您需要在Web配置中明确定义静态资源映射。

示例:

@EnableWebMvc
@Configuration
public class yourWebConfig extends WebMvcConfigurerAdapter {

 //..

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/assets/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
        registry.addResourceHandler("/css/**").addResourceLocations("/css/");
        registry.addResourceHandler("/img/**").addResourceLocations("/img/");
        registry.addResourceHandler("/js/**").addResourceLocations("/js/");
    }

 //..
}
相关问题
最新问题