Question

我有一个WebSecurityConfig类，目的是配置安全路径：

   @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable().authorizeRequests()
                    .antMatchers("/").permitAll()
                    .antMatchers("/#/").permitAll()
                    .antMatchers("/resources/static/index.html").permitAll()
                    .antMatchers("/resources/static/**").permitAll()
                    .antMatchers(HttpMethod.POST, "/api/auth").permitAll()
                    .anyRequest().authenticated()
                    .and()
                    // We filter the api/login requests
                    .addFilterBefore(new JWTLoginFilter("/api/auth", authenticationManager()),
                            UsernamePasswordAuthenticationFilter.class)
                    // And filter other requests to check the presence of JWT in header
                    .addFilterBefore(new JWTAuthenticationFilter(),
                            UsernamePasswordAuthenticationFilter.class);
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/resources/**", "/static/**");
        }
    }

由于我有一个controller将所有请求转发给index.html，因此应将其提交给所有人：

@Controller
public class ViewController {

    @RequestMapping(value = "/#/")
    public String index() {
        return "forward:/index.html";
    }
}

所有静态内容也应该可用，因为所有Angular 4文件都被复制到静态资源，它看起来像： Files under resource/static directory

但是当我运行应用时，我看到的第一页是一个空白页，其中包含403个错误： Errors in browser

如果您发现路径中存在任何错误或怀疑该错误可能在哪里，是否有人有任何线索？

更新我添加了新课程：

@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/").addResourceLocations("/static/");
    }

}

并在课堂上略微指责：

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()
            .antMatchers("/static/index.html").permitAll()
            .antMatchers("/static/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/#/").permitAll()
            .antMatchers(HttpMethod.POST, "/api/auth").permitAll()
            .anyRequest().authenticated()
            .and()
            // We filter the api/login requests
            .addFilterBefore(new JWTLoginFilter("/api/auth", authenticationManager()),
                    UsernamePasswordAuthenticationFilter.class)
            // And filter other requests to check the presence of JWT in header
            .addFilterBefore(new JWTAuthenticationFilter(),
                    UsernamePasswordAuthenticationFilter.class);
}

Answer 1

尝试这样的事情。

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/**")
                .addResourceLocations("classpath:/static/");
    }

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/").setViewName("redirect:/index.html");
    }

你很可能不需要这些行。

.antMatchers("/static/index.html").permitAll()
.antMatchers("/static/**").permitAll()
.antMatchers("/#/").permitAll()

你还需要为春天添加@ComponentScan("com.something.something")以了解其中的内容。

@Configuration
@EnableWebMvc
@ComponentScan("com.name.project")
public class WebConfig extends WebMvcConfigurerAdapter {

尝试访问配置为PermitedAll的文件以禁止错误结束

1 个答案: