Spring Security 404 静态资源

【问题标题】:Spring Security 404 Static ResourcesSpring Security 404 静态资源
【发布时间】:2015-08-21 00:52:07
【问题描述】:

我正在研究 Spring Security,并将其引入我的 Spring MVC 项目。 但是,我的资源现在被 404 阻止(CSS/JS/IMG..etc) 有谁知道他们为什么被屏蔽?我怀疑 WebInit.java 中的 Dispatcher Servlet 存在问题。?

SpringSecurity.java

package com.catalyst.Config;

/*
    Not Done!
    Still working on Spring Security!
    Problem: Blocking my Resources Folder
*/
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SpringSecurity extends WebSecurityConfigurerAdapter
{    
    @Override
    public void configure(WebSecurity webSecurity) throws Exception
    {
        webSecurity
            .ignoring()
                .antMatchers("/Resources/**");
    }
    
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .authorizeRequests()
                .antMatchers("/Resources/**").permitAll()
                .antMatchers("/Dashboard/**").hasRole("ADMIN")
                .and()
                .httpBasic();
    }
    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("USER", "ADMIN");
    }
}

WebInit.java

package com.catalyst.Config;

import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration.Dynamic;

import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;

public class WebInit implements WebApplicationInitializer
{
    @Override
    public void onStartup(ServletContext servletContext) throws ServletException
    {
        Dynamic hServlet;
        AnnotationConfigWebApplicationContext hAnnoCTX;

        hAnnoCTX = new AnnotationConfigWebApplicationContext();
        hAnnoCTX.register(WebMVCConfig.class);
        hAnnoCTX.setServletContext(servletContext);
        hServlet = servletContext.addServlet("dispatcher", new DispatcherServlet(hAnnoCTX));
        hServlet.addMapping("/");
        hServlet.setLoadOnStartup(1);
    }
}

WebMVCConfig.java

package com.catalyst.Config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.JstlView;
import org.springframework.web.servlet.view.UrlBasedViewResolver;

@Configuration
@ComponentScan("com.catalyst")
@EnableWebMvc
public class WebMVCConfig extends WebMvcConfigurerAdapter
{
    @Bean
    public UrlBasedViewResolver setupViewResolver()
    {
        UrlBasedViewResolver hResolver;
        hResolver = new UrlBasedViewResolver();
        hResolver.setPrefix("/WEB-INF/JSP/");
        hResolver.setSuffix(".jsp");
        hResolver.setViewClass(JstlView.class);
        return(hResolver);
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry hRegistry)
    {
        hRegistry.addResourceHandler("/Resources/**").addResourceLocations("/WEB-INF/Resources/*");
    }
}

【问题讨论】:

    标签: java spring security spring-mvc


    【解决方案1】:

    将您的配置更改为

    @Override
protected void configure(HttpSecurity http) throws Exception
{
    http
        .authorizeRequests()

            .antMatchers("/Dashboard/**").hasRole("ADMIN")
            .and()
            .httpBasic();
}

    【讨论】:

    • 还是没有运气。在与一些同事交谈后,我决定放弃 Spring Security。似乎只是有问题。
    • 您能否在更改后提供最新代码...为什么不为 Spring 安全配置选择基于 XML 的配置?
    • 上面的代码是我做的唯一改变。注释似乎是未来,所以我认为这是继续学习的最佳途径。
    猜你喜欢
    • 2016-08-17
    • 2017-11-02
    • 2016-05-04
    • 2017-05-02
    • 1970-01-01
    • 2017-04-07
    • 2017-05-09
    • 2015-11-18
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode