如标题中所述,当用户受到我的spring webapp的欢迎页面的欢迎时,嵌入的html图像将不会加载,只显示损坏的图像图标。 当用户登录时,图像都是可见的。
没有错误出现,我觉得它与Spring Security功能有关,是否有任何解决方案/解决方法?
我的HTML代码:
<a> <img src="src/main/resources/static/images/logo.jpg"> </img></a>
我的控制器:
@RequestMapping(value={"/","home"})
public String home(){
return "home";
}
我的网络安全:
package com.FYP.Club.Security;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import com.FYP.Club.repository.UserLoginRepository;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserLoginRepository userLoginRepository;
//http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")
@Autowired
DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/home", "/registeruser").permitAll().antMatchers("/admin").hasRole("ADMIN")
.anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout()
.permitAll();
http.exceptionHandling().accessDeniedPage("/403");
http.csrf().disable();
//disable csrf to allow communication (we also dont need for this fyp as its not live)
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select user_name,password,user_status from user_login where user_name=?")
.authoritiesByUsernameQuery("select user_name, password from user_login where user_name=?");
}
}
如果您需要更多代码,请告诉我们!
答案 0 :(得分:1)
您应该将它们配置为被Spring Security忽略。 例如,通过向WebSecurityConfig添加此类方法:
@Override
public void configure(WebSecurity web) {
web.ignoring().antMatchers("/fonts/**", "/images/**", "/css/**");
}
如果您使用此类链接请求图片:
<a> <img src="/images/logo.jpg"> </img></a>