Spring Security Thymleaf静态资源不会加载

时间:2016-04-23 10:26:22

标签: spring spring-security static thymeleaf

我使用SpringMVC和Thymleaf以及Spring-Security。 我想使用Thymleaf模板加载页面,我可以加载我的静态资源。

我想加载例如位于:static.html的static / img / theme / logo.png中的图片

以下是我的内容:result

template.html:



       body>
            div layout:fragment="content">

                a href="">img src="../static/img/theme/logo.png" alt="Logo">

                h1>Hello

            /div>

        /body>

MvcConfig.java


 @Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/index").setViewName("index");
        registry.addViewController("/template").setViewName("template");
        registry.addViewController("/layout").setViewName("layout");
        registry.addViewController("/login").setViewName("login");

    }



    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }


}

WebSecurityConfig:


    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


        //List of all free pages

        private static final String[] pagesFree = {
                "/home",
                "/template",
                "/layout",

                //Thymleaf directory
                "/css/**",
                "/js/**",
                "/img/**",
                "/fonts/**",
                "/ico/**",
                "/twitter/**",
                "/"
                };



        @Override
        protected void configure(HttpSecurity http) throws Exception {



            http
                .authorizeRequests()
                    .antMatchers(pagesFree).permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .and()
                .logout()
                    .permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                    .withUser("u").password("u").roles("USER");
        }


    }

Source Code tree

1 个答案:

答案 0 :(得分:2)

在您的安全配置中,您将声明如下内容:

/** Public URLs. */
private static final String[] PUBLIC_MATCHERS = {
        "/webjars/**",
        "/css/**",
        "/js/**",
        "/images/**",
        "/"
};

然后是这样的:

@Override
protected void configure(HttpSecurity http) throws Exception {

    List<String> activeProfiles = Arrays.asList(env.getActiveProfiles());
    if (activeProfiles.contains("dev")) {
        http.csrf().disable();
        http.headers().frameOptions().disable();
    }

    http
            .authorizeRequests()
            .antMatchers(PUBLIC_MATCHERS).permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").defaultSuccessUrl("/payload")
            .failureUrl("/login?error").permitAll()
            .and()
            .logout().permitAll();
}

在您的Thymeleaf模板中,您要声明如下内容:

<img class="featurette-image pull-left" th:src="@{/images/browser-icon-firefox.png}" />

可以找到项目的工作副本here