Question

尝试使用Spring boot和thymeleaf创建一个简单的登录页面。但由于某些原因，当用户在成功输入详细信息后尝试登录时，会将他们带到无效页面，即javascript页面

requestURI: arg1=/js/jquery-1.11.2.min.js; arg2=/login (property not equals)

例如，用户点击/ cms / home并将他们带到登录页面，一旦他们登录，他们就应该被带回/ cms / home。这是我的代码

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
public void configure(HttpSecurity httpSecurity) throws Exception{

    httpSecurity
            .authorizeRequests()
            .antMatchers("/", "/resources/**").permitAll()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/")
            .permitAll();


}

@Override
public void configure(WebSecurity security){
    security.ignoring().antMatchers("/css/**","/fonts/**","js/**","/CMS/css/**","/CMS/js/**","/libs/**");
}

这是登录页面

   <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org">

<head>
    <meta charset="UTF-8"/>

    <link href="../static/css/bootstrap.min.css"
          th:href="@{/css/bootstrap.min.css}"
          rel="stylesheet" media="screen" />

    <script href="../static/js/bootstrap.min.js"
            th:href="@{/js/bootstrap.min.js}"
            ></script>

    <script  href="../static/js/jquery-1.11.2.min.js"
            th:src="@{/js/jquery-1.11.2.min.js}"></script>

    <link href="../static/CMS/css/login.css"
          th:href="@{/CMS/css/login.css}"
          rel="stylesheet" media="screen" />



    <title>CMS Login</title>
</head>
<body>

<div class="container">

    <div class="row" id="pwd-container">
        <div class="col-md-4"></div>

        <div class="col-md-4">
            <section class="login-form">
                <div th:if="${param.error}">
                    Invalid username and password.
                </div>
                <div th:if="${param.logout}">
                    You have been logged out.
                </div>
                <form  th:action="@{/login}"  method="post" role="login">



                    <input type="text" name="username" placeholder="Email" required="" class="form-control input-lg" value="myOwnUser" />

                    <input type="password"  name="password" class="form-control input-lg" id="password" placeholder="Password" required=""  value="myOwnPassword"/>

                    <button type="submit" name="go" class="btn btn-lg btn-primary btn-block">Sign in</button>
                    <div>
                       <a href="#">reset password</a>
                    </div>

                </form>

                <div class="form-links">
                    <a href="#">www.website.com</a>
                </div>
            </section>
        </div>

        <div class="col-md-4"></div>


    </div>
</div>

</body>
</html>

如果有人可以提供帮助那就太棒了

Answer 1

在你的蚂蚁匹配器中你忘记了一个/ "js/**"所以它不允许加载/js/jquery-1.11.2.min.js直到用户登录，然后在登录你的应用程序后首先加载现在已获得授权的文件。

Spring引导安全性无效的requestURI

1 个答案: