Question

我的jsp页面没有打开css和js文件。我尝试了一些我在这里找到的解决方案，例如：

<link rel="stylesheet" type="text/css" href="./style/styles.css">
 <link rel="stylesheet" type="text/css" href="./pages//style/style.css">
 <link href="${pageContext.request.contextPath}/style/style.css" rel="stylesheet"/>
<link href="${pageContext.request.contextPath}/pages/style/style.css" rel="stylesheet"/>
<link type="text/css" rel="stylesheet" href="<c:url value="style/style.css" />" />

但没有任何帮助。

我的securityConfig类：

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
                 .antMatchers("/user/**").access("hasRole('ROLE_USER')")
                 .antMatchers("/basket/**").access("hasRole('ROLE_USER')")
                  .antMatchers("/resources/**", "/**").permitAll()
                 .and().formLogin()
            .loginPage("/login").failureUrl("/login?error")
                .usernameParameter("username")
                .passwordParameter("password")
                .and().logout().logoutSuccessUrl("/login?logout")
                .and().csrf()
                .and().exceptionHandling().accessDeniedPage("/403");
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

}

CSS文件无法在Spring安全性和纯Spring MVC中打开。在调试日志中：

/style/style.css at position 1 of 12 in additional filter chain ....
/style/style.css at position 12 of 12 in additional filter chain
 Secure object: FilterInvocation: URL: /style/style.css; Attributes: [permitAll]

https://github.com/Panwo/ProjV2.git

编辑：

@Configuration
public class NewConfigure extends WebMvcConfigurerAdapter {
    @Override
    public void addResourceHandlers(final ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
    }
}

我应该只是声明这个类或者将它注入任何地方，也许是 SpringMvcInitializer扩展AbstractAnnotationConfigDispatcherServletInitializer ？

编辑2

在设置中出现问题？当我从战争中删除网络模块时，我得到404.

Answer 1

我猜你没有指定静态资源映射。所以你的dispatcher正在寻找静态资源的映射。由于您使用的是基于Java的配置，因此添加从WebMvcConfigurerAdapter扩展的配置类并覆盖以下方法：

@Override
public void addResourceHandlers(final ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
}

现在你必须在你的jsp中引用：

<link rel="stylesheet" type="text/css" href="/resources/style/styles.css">

编辑：（回复您的更新问题）

public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { AppConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{NewConfigure.class}; // Here is your updated config
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

}

Answer 2

您可以通过覆盖org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.WebSecurity)

来忽略CSS和Javascripts文件等资源的安全性

在SecurityConfig.java覆盖上述方法如下。

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers("/style/**");
}

jsp页面中的Spring mvc + Security css和js

2 个答案: