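I have a Spring Boot Application that serves as a secured REST API backend. I would like to have some static pages with documentation about that API (for instance, I would like to use a Wiki).
As far as I can understand, I cannot make it show static content: e.g. I tried with the greeting example, and calling http://localhost:8080/greeting displays "greeting" (it does not serve the greeting.html page).
I suspect the problem is related to some filter in Spring Security.
This is the filter chain that gets invoked: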
o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 19 ms
o.s.security.web.FilterChainProxy : /greeting at position 1 of 7 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.security.web.FilterChainProxy : /greeting at position 2 of 7 in additional filter chain; firing Filter: 'StatelessLoginFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/greeting'; against '/api/login'
o.s.security.web.FilterChainProxy : /greeting at position 3 of 7 in additional filter chain; firing Filter: 'StatelessAuthenticationFilter'
o.s.security.web.FilterChainProxy : /greeting at position 4 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
o.s.security.web.FilterChainProxy : /greeting at position 5 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
o.s.security.web.FilterChainProxy : /greeting at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
o.s.security.web.FilterChainProxy : /greeting at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/greeting'; against '/'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/greeting'; against '/documentation'
o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/greeting'; against '/greeting'
o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /greeting; Attributes: [permitAll]
o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@58e65a6f, returned: 1
o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
o.s.security.web.FilterChainProxy : /greeting reached end of additional filter chain; proceeding with original chain
o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
I put the greeting.html file in both src/main/webapp/WEB-INF/templates and src/main/resources/templates, and I tried to specify the following in application.properties:
# For the standard MVC JSTL view resolver
spring.view.prefix=/WEB-INF/templates/
spring.view.suffix=.html
I tried the solutions proposed in these stackoverflow questions: "Spring Boot not serving static content" and "spring boot not launching static web content", but nothing changed...
Finally, this is the WebSecurityConfigurerAdapter:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// TokenAuthenticationService, LDAPAuthenticationService, StatelessLoginFilter and
// StatelessAuthenticationFilter are the application's own classes (not shown in the post).
public class StatelessAuthenticationSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private TokenAuthenticationService tokenAuthenticationService;

    @Autowired
    private LDAPAuthenticationService ldapAuthenticationService;

    @Value("${ldap.useLdapForAuthentication}")
    private String useLdapForAuthentication;

    public StatelessAuthenticationSecurityConfig() {
        // true = disable the default filter configuration
        super(true);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .exceptionHandling().and()
            .anonymous().and()
            .servletApi().and()
            .headers().cacheControl().and()
            .authorizeRequests()

            // allow anonymous resource requests
            .antMatchers("/").permitAll()
            .antMatchers("/documentation").permitAll()
            .antMatchers("/greeting").permitAll()
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/resources/**").permitAll()

            // allow anonymous POSTs to login
            .antMatchers(HttpMethod.OPTIONS, "/api/login").permitAll()
            .antMatchers(HttpMethod.POST, "/api/login").permitAll()
            .antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()
            .antMatchers(HttpMethod.POST, "/api/**").hasAnyRole("ADMIN", "USER")
            .antMatchers(HttpMethod.GET, "/api/**").hasAnyRole("ADMIN", "USER") // and so on

            // defined Admin only API area
            .antMatchers("/admin/**").hasRole("ADMIN")

            // all other requests need to be authenticated
            .anyRequest().hasRole("USER")
            .and()

            // custom JSON based authentication by POST of {"username":"<name>","password":"<password>"} which sets the token header upon authentication
            .addFilterBefore(new StatelessLoginFilter("/api/login", tokenAuthenticationService, userDetailsService, ldapAuthenticationService, authenticationManager(), useLdapForAuthentication), UsernamePasswordAuthenticationFilter.class)

            // custom Token based authentication based on the header previously given to the client
            .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected UserDetailsService userDetailsService() {
        return userDetailsService;
    }
}
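.antMatchers("/resources/**").permitAll() should allow access to resources/templates.
I really cannot understand why it does not render the web content. Please, could you give me some hints?
EDIT1
Controller: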
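import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class GreetingController {

    @RequestMapping("/greeting")
    public String greeting(@RequestParam(value="name", required=false, defaultValue="World") String name, Model model) {
        model.addAttribute("name", name);
        return "greeting";
    }
}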
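Answer 0 (score: 1)
According to the Spring guide: Building a RESTful Web Service
A key difference between a traditional MVC controller and the RESTful web service controller above is the way that the HTTP response body is created. Rather than relying on a view technology to perform server-side rendering of the greeting data to HTML, this RESTful web service controller simply populates and returns a Greeting object. The object data will be written directly to the HTTP response as JSON.
So in your case it returns "greeting" in JSON. If you want it to return the page greeting.html, you should use a normal @Controller.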
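The difference the answer describes, as an added example that is not part of the original answer or the poster's project: the same handler body is exercised once under @RestController and once under @Controller with Spring's MockMvc. It assumes spring-webmvc, spring-test and the servlet API are on the classpath; the class names GreetingViewDemo, RestGreeting and PageGreeting are hypothetical, and the view prefix and suffix are the ones from the question's application.properties.

```java
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.forwardedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.model;

import org.springframework.stereotype.Controller;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

public class GreetingViewDemo {  // hypothetical class name
    @RestController  // as in the question: the return value becomes the response body
    static class RestGreeting {
        @RequestMapping("/greeting")
        public String greeting(@RequestParam(value = "name", defaultValue = "World") String name, Model model) {
            model.addAttribute("name", name);
            return "greeting";
        }
    }

    @Controller  // as in the answer: the return value is treated as a view name
    static class PageGreeting {
        @RequestMapping("/greeting")
        public String greeting(@RequestParam(value = "name", defaultValue = "World") String name, Model model) {
            model.addAttribute("name", name);
            return "greeting";
        }
    }

    public static void main(String[] args) throws Exception {
        // @RestController: the literal string is written to the body, no view is resolved
        MockMvc rest = MockMvcBuilders.standaloneSetup(new RestGreeting()).build();
        rest.perform(get("/greeting")).andExpect(content().string("greeting"));

        // @Controller: "greeting" is resolved against the prefix/suffix from the question
        InternalResourceViewResolver resolver = new InternalResourceViewResolver();
        resolver.setPrefix("/WEB-INF/templates/");
        resolver.setSuffix(".html");
        MockMvc page = MockMvcBuilders.standaloneSetup(new PageGreeting())
                .setViewResolvers(resolver).build();
        page.perform(get("/greeting").param("name", "Ada"))
                .andExpect(model().attribute("name", "Ada"))
                .andExpect(forwardedUrl("/WEB-INF/templates/greeting.html"));
    }
}
```

Both checks run without Spring Security in the picture, which matches the debug log in the question: the request was authorized by the permitAll rule and passed on to the original chain, so the plain-text response came from the controller type rather than from a filter.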