Html图像不会为已注销的用户加载 - Spring / SpringSecurity

时间:2018-03-21 13:35:09

标签: html spring image spring-mvc spring-security

如标题中所述,当用户受到我的spring webapp的欢迎页面的欢迎时,嵌入的html图像将不会加载,只显示损坏的图像图标。 当用户登录时,图像都是可见的。

没有错误出现,我觉得它与Spring Security功能有关,是否有任何解决方案/解决方法?

我的HTML代码:

<a> <img src="src/main/resources/static/images/logo.jpg"> </img></a>

我的控制器:

 @RequestMapping(value={"/","home"})
       public String home(){
           return "home";
       }

Project Setup

我的网络安全:

package com.FYP.Club.Security;


import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import com.FYP.Club.repository.UserLoginRepository;


@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
       UserLoginRepository userLoginRepository;

    //http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")

     @Autowired
     DataSource dataSource;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")
                    .anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout()
                    .permitAll();
            http.exceptionHandling().accessDeniedPage("/403");
            http.csrf().disable();
            //disable csrf to allow communication (we also dont need for this fyp as its not live)
        }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {


           auth.jdbcAuthentication().dataSource(dataSource)
          .usersByUsernameQuery("select user_name,password,user_status from user_login where user_name=?")
          .authoritiesByUsernameQuery("select user_name, password from user_login where user_name=?");         


}

    }

如果您需要更多代码,请告诉我们!

1 个答案:

答案 0 :(得分:1)

您应该将它们配置为被Spring Security忽略。 例如,通过向WebSecurityConfig添加此类方法:

@Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/fonts/**", "/images/**", "/css/**");
    }

如果您使用此类链接请求图片:

<a> <img src="/images/logo.jpg"> </img></a>
相关问题
最新问题